b'               REGU\n           EAR     LA\n         CL          T\n\n\n\n\n   NU\n\n\n\n\n                        OR\nSTATES\n\n\n\n\n                          YC\n                         OMMI S\n ED\n\n\n\n\n                         SI\n    IT\n\n\n\n\n                         O\n                    N\n         UN\n\n\n\n\nThe NRC OIG Hotline\nThe Hotline Program provides NRC employees, other Government employees, licensee/utility\nemployees, contractors and the public with a confidential means of reporting suspicious\nactivity concerning fraud, waste, abuse, and employee or management misconduct.\nMismanagement of agency programs or danger to public health and safety may also be\nreported. We do not attempt to identify persons contacting the Hotline.\n\nWhat should be reported:\n\xe2\x80\xa2 Contract and Procurement Irregularities       \xe2\x80\xa2 Abuse of Authority\n                                                                                               Semiannual Report                  to   C o n g r e ss\n\xe2\x80\xa2 Conflicts of Interest                         \xe2\x80\xa2 Misuse of Government Credit Card             October 1, 2010 \xe2\x80\x93 March 31, 2011\n\xe2\x80\xa2 Theft and Misuse of Property                  \xe2\x80\xa2 Time and Attendance Abuse\n\xe2\x80\xa2 Travel Fraud                                  \xe2\x80\xa2 Misuse of Information Technology Resources\n\xe2\x80\xa2 Misconduct                                    \xe2\x80\xa2 Program Mismanagement\n\n\nWays to Contact the OIG\n                                  Call:\n                                  OIG Hotline\n                                  1-800-233-3497\n                                  TDD: 1-800-270-2787\n                                  7:00 a.m. \xe2\x80\x93 4:00 p.m. (EST)\n                                  After hours, please leave a message\n\n\n                                  Submit:\n                                  On-Line Form\n                                  www.nrc.gov\n                                  Click on Inspector General\n                                  Click on OIG Hotline\n\n\n\n                                  Write:\n                                  U.S. Nuclear Regulatory Commission\n                                  Office of the Inspector General\n                                  Hotline Program, MS O5 E13\n                                  11555 Rockville Pike\n                                  Rockville, MD 20852-2738\n\n\nNUREG-1415, Vol. 23, No. 2\nApril 2011\n\x0cOIG VISION                                                           NRC OIG\xe2\x80\x99s STRATEGIC GOALS\n\xe2\x80\x9cWe are agents of positive change striving for continuous            1. S\n                                                                        \x07 trengthen NRC\xe2\x80\x99s efforts to protect public health and safety\nimprovement in our agency\xe2\x80\x99s management and program operations.\xe2\x80\x9d         and the environment.\n                                                                     2. E\x07 nhance NRC\xe2\x80\x99s efforts to increase security in response to an\n                                                                        evolving threat environment.\nNRC OIG MISSION\n                                                                     3. I\x07 ncrease the economy, efficiency, and effectiveness with\nNRC OIG\xe2\x80\x99s mission is to (1) independently and objectively conduct       which NRC manages and exercises stewardship over its\nand supervise audits and investigations relating to NRC\xe2\x80\x99s programs      resources.\nand operations; (2) prevent and detect fraud, waste, and abuse;\nand (3) promote economy, efficiency, and effectiveness in NRC\xe2\x80\x99s\nprograms and operations.\n\n\n\n\nTop Photo: Control Room. Photo by Louie Psihoyos\nvia Getty Images.\n\nBottom Photo: Cherenkov effect in the Reed\nResearch Reactor.\n\nCenter Photo: Pilgrim Nuclear Power Station\nPhoto courtesy of Entergy Nuclear.\n\nRight Photo: Wolf Creek Nuclear Reactor\nPhoto courtesy of Wolf Creek Nuclear Operating Corp.\n\x0cA Message From\nThe Inspector General\nI am pleased to present this Semiannual Report to Congress on the activities\nand accomplishments of the Nuclear Regulatory Commission (NRC) Office of\nthe Inspector General (OIG) from October 1, 2010, to March 31, 2011.\n\nOur work reflects the legislative mandate of the Inspector General Act, which\nis to identify and prevent fraud, waste, and abuse through the conduct of\naudits and investigations relating to NRC programs and operations. The audits and investigations\nhighlighted in this report demonstrate our commitment to ensuring integrity and efficiency in\nNRC\xe2\x80\x99s programs and operations.\n\nThe NRC continues to perform its critical agency functions to ensure the safe and secure civilian\nuse of byproduct, source, and special nuclear materials. During this reporting period, the NRC OIG\ncontinued its focus on critical agency operations to include NRC\xe2\x80\x99s Implementation of 10 CFR Part 21:\nreporting of defects and noncompliance, NRC\xe2\x80\x99s non-concurrence process, and the Inspector\nGeneral\xe2\x80\x99s evaluation of the NRC\xe2\x80\x99s most serious management and performance challenges. Our\nefforts to work with the NRC to identify risks and vulnerabilities early on will afford the agency\nthe opportunity to take any necessary corrective action.\n\nDuring this semiannual period, we issued nine audit reports. As a result of this work, OIG made\na number of recommendations to improve the effective and efficient operation of NRC\xe2\x80\x99s safety,\nsecurity, and corporate management programs. OIG also opened 32 investigations and completed\n12 cases. Six of the open cases were referred to the Department of Justice, and 25\nallegations were referred to NRC management for action.\n\nThe NRC OIG remains committed to the integrity, efficiency, and effectiveness of NRC programs\nand operations, and our audits, investigations, and other activities highlighted in the report\ndemonstrate this ongoing commitment. Those efforts were recently recognized with the granting\nof an Award for Excellence by the Council of the Inspectors General on Integrity and Efficiency to\nan audit team for its report on NRC\xe2\x80\x99s Oversight of Construction at Nuclear Facilities. I would\nlike to acknowledge our auditors, investigators, and support staff for their superior work and\ncommitment to the mission of our office.\n\nFinally, the success of the NRC OIG would not be possible without the collaborative efforts between\nmy staff and agency managers to address OIG findings and to implement the corrective actions\nrecommended by my office. I wish to thank them for their dedication and support, and I look\nforward to their continued cooperation as we work together to ensure the integrity of agency\noperations.\n\n\n\n\nHubert T. Bell\nInspector General\n\n\n\n                                                              October 1, 2010\xe2\x80\x93March 31, 2011          i\n\x0c                                                                 Nuclear reactor vessel head replacement.   Photo courtesy Areva\n\n\n\n\nii   N R C O I G S e m i a nn u a l R e p or t t o C ongr e ss\n\x0cContents\n  Highlights          .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . v\n\n  Overview of the NRC and the OIG  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .1\n  \t     NRC\xe2\x80\x99s Mission .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .1\n\n  \t     OIG History, Mission, and Goals .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .2\n\n  \t\t         OIG History .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .2\n\n  \t\t         OIG Mission and Goals .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .3\n\n  OIG Programs and Activities  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .4\n  \t     Audit Program  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .4\n\n  \t     Investigative Program  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .5\n\n  \t     General Counsel Activities .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .6\n\n  \t\t         Regulatory Review .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .6\n\n  \t     Other Activities .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .9\n\n  \t\t         NRC OIG Receives CIGIE Award for Excellence  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .9\n\n  Management and Performance Challenges  .                                               .  .  .  .  .  .  .  .  .  .  .  .  .  . 11\n\n  Audits \t .     .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 12\n\n  \t     Audit Summaries .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 12\n\n  \t     Audits in Progress  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 22\n\n  Investigations  .             .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 28\n\n  \t     Investigative Case Summaries .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 28\n\n  Summary of OIG Accomplishments  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 33\n  \t     Investigative Statistics  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 33\n\n  \t     Audit Listings .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 35\n\n  \t     Audit Resolution Activities  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 37\n\n  Abbreviations and Acronyms  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 41\n  Reporting Requirements  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 42\n  Appendix  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 43\n\n\n\n                                                                                            October 1, 2010\xe2\x80\x93March 31, 2011                 iii\n\x0c                                                                 Cobalt pool technician on bridge.   Photo Daniel Rogall\n\n\n\n\niv   N R C O I G S e m i a nn u a l R e p or t t o C ongr e ss\n\x0cHighlights\nThe following two sections highlight selected audits and investigations\ncompleted during this reporting period. More detailed summaries appear in\nsubsequent sections of this report.\n\nAUDITS\n\xe2\x80\xa2\t   The Reports Consolidation Act of 2000 requires the Inspector General (IG)\n     of each Federal agency to summarize annually what he or she considers to\n     be the most serious management and performance challenges facing the\n     agency and to assess the agency\xe2\x80\x99s progress in addressing those challenges.\n     In accordance with the act, the IG at the U.S. Nuclear Regulatory Commission\n     (NRC) updated what he considers to be the most serious management and\n     performance challenges facing NRC as of October 1, 2010. The IG evaluated\n     the overall work of the Office of the Inspector General (OIG), the OIG staff\xe2\x80\x99s\n     general knowledge of agency operations, and other relevant information\n     to develop and update his list of management and performance challenges.\n     As part of the evaluation, OIG staff sought input from NRC\xe2\x80\x99s Chairman,\n     Commissioners, and management to obtain their views on what challenges\n     the agency is facing and what efforts the agency has taken to address previ-\n     ously identified management challenges.\n\n\xe2\x80\xa2\t   The non-concurrence process is part of the agency\xe2\x80\x99s Differing Views\n     Program, and is managed by the Office of Enforcement. NRC\xe2\x80\x99s implemen-\n     tation of an agencywide non-concurrence process supports the agency\xe2\x80\x99s\n     goal of promoting an open collaborative work environment, which values\n     collaborative decisionmaking, diverse views, unbiased evaluations, and\n     honest feedback on how decisions are made. The non-concurrence process\n     was developed to promote discussion and consideration of differing views\n     on draft documents, provide a non-concurrence option for individuals with\n     concerns who had a role in creating or reviewing draft documents, and\n     provide a uniform approach for processing non-concurrences. The audit\n     objective was to determine if the agency\xe2\x80\x99s non-concurrence process is oper-\n     ating as intended.\n\n\xe2\x80\xa2\t   On December 17, 2002, the President signed the E-Government Act of 2002,\n     which included the Federal Information Security Management Act (FISMA)\n     of 2002. FISMA outlines the information security management requirements\n     for agencies, which include an annual independent evaluation of an agen-\n     cy\xe2\x80\x99s information security program and practices to determine their effective-\n     ness. This evaluation must include testing the effectiveness of information\n     security policies, procedures, and practices for a representative subset of the\n     agency\xe2\x80\x99s information systems. FISMA requires the annual evaluation to be\n     performed by the Inspector General or by an independent external auditor.\n     Office of Management and Budget (OMB) memorandum M-10-15, FY 2010\n     Reporting Instructions for the Federal Information Security Management Act\n\n\n\n                                                                October 1, 2010\xe2\x80\x93March 31, 2011   v\n\x0c                             and Agency Privacy Management, dated April 21, 2010, requires the agency\xe2\x80\x99s\n                             OIG to report their responses to OMB\xe2\x80\x99s annual FISMA reporting questions for\n                             OIGs via an automated collection tool. The objective of this review was to\n                             perform an independent evaluation of the NRC\xe2\x80\x99s implementation of FISMA\n                             for FY 2010.\n\n                        \xe2\x80\xa2\t   The Chief Financial Officers Act of 1990, as amended, requires the Inspector\n                             General or an independent external auditor, as determined by the Inspector\n                             General, to annually audit NRC\xe2\x80\x99s financial statements to determine whether\n                             the agency\xe2\x80\x99s financial statements are free of material misstatement. The\n                             audit includes examining, on a test basis, evidence supporting the amounts\n                             and disclosures in the financial statements. It also includes assessing the\n                             accounting principles used and significant estimates made by management\n                             as well as evaluating the overall financial statement presentation. In addi-\n                             tion, the audit evaluates the effectiveness of internal controls over financial\n                             reporting and the agency\xe2\x80\x99s compliance with laws and regulations.\n\n                        \xe2\x80\xa2\t   NRC endeavors to protect the public health and safety and the environ-\n                             ment through the regulation of the 104 operating nuclear power plants in\n                             the United States. The Energy Reorganization Act of 1974, as amended,\n                             Section 206, Noncompliance, provides the statutory basis for NRC guidance\n                             and regulations that pertain to reporting component defects in operating\n                             reactors. Specifically, Section 206 requires licensees that operate nuclear\n                             power plants to notify NRC of defects in basic components that could cause\n                             a substantial safety hazard. The audit objective was to determine if NRC\xe2\x80\x99s\n                             implementation of Federal regulations requiring reactor licensees to report\n                             defects contained in installed equipment is meeting the intent of the Energy\n                             Reorganization Act of 1974, as amended, Section 206, Noncompliance.\n\n                        \xe2\x80\xa2\t   Homeland Security Presidential Directive 12 (HSPD-12) states that it is\n                             national policy to \xe2\x80\x9cenhance security, increase E-Government efficiency,\n                             reduce identity fraud, and protect personal privacy\xe2\x80\x9d by establishing common\n                             identification standards for all Federal Government employees and contrac-\n                             tors. HSPD-12 directs executive branch agencies to use standardized iden-\n                             tification to gain physical access to Federal facilities and logical access to\n                             Federal information systems. NRC has taken steps to meet its HSPD-12\n                             requirements by issuing Personal Identity Verification (PIV) cards and devel-\n                             oping data systems to support use of PIV cards. Use of PIV cards is a basic\n                             element of a broader Government initiative called Identity, Credential, and\n                             Access Management (ICAM), which aims to carry out specific provisions as\n                             well as the full intent of HSPD-12. ICAM programs have two main areas of\n                             operations: physical access control systems, which provide physical security\n                             at Federal facilities, and logical access control systems, which address the\n                             security of Federal computer networks. The audit objective was to assess\n                             whether NRC has effectively implemented its ICAM programs.\n\n\n\n\nvi   N R C O I G S e m i a nn u a l R e p or t t o C ongr e ss\n\x0cINV ESTI G AT I O N S\n\xe2\x80\xa2\t   OIG conducted an investigation based on an allegation submitted by a\n     private citizen to NRC under Title 10 Code of Federal Regulations (CFR)\n     Section 2.206, which permits any person to file a petition requesting that\n     the NRC Commission take enforcement-related action, i.e., to modify,\n     suspend, or revoke a license or to take other appropriate action. The\n     2.206 petition must be in writing and provide the grounds for taking the\n     proposed action.\n\n\xe2\x80\xa2\t   OIG conducted an investigation based on an allegation from several stake-\n     holders. The stakeholders alleged that in implementing a pilot program\n     performance-based regulatory standard for fire protection in accordance\n     with 10 CFR 50.48(c) at Shearon Harris nuclear power plant the NRC is\n     directing licensees to use fire models that have not been validated and\n     verified as required by National Fire Protection Association Standard 805.\n     They further alleged that a former NRC employee was wrongfully\n     terminated for speaking out against the performance-based standard\n     for fire protection.\n\n\xe2\x80\xa2\t   OIG conducted an investigation into an allegation that the NRC project\n     manager for two of NRC\xe2\x80\x99s three Safeguards Information Local Area\n     Network and Electronic Safe System (SLES) contracts was requesting\n     out-of-scope records management work from one of the SLES contractors\n     and that the NRC project manager directed contractor staff to enter\n     inaccurate information into SLES database fields.\n\n\xe2\x80\xa2\t   OIG conducted an investigation to determine whether two NRC BlackBerry\n     devices were compromised during an official trip to a foreign country by\n     two NRC staff members.\n\n\n\n\n                                                              October 1, 2010\xe2\x80\x93March 31, 2011   vii\n\x0c                                                                   Reactor cooling tower.   Photo Shutterstock\n\n\n\nviii   N R C O I G S e m i a nn u a l R e p or t t o C ongr e ss\n\x0cO v e rv i e w             of the              NRC           and the                 OIG\nNRC\xe2\x80\x99 S M I SSI O N\nNRC was formed in 1975, in accordance with the Energy Reorganization Act of\n1974, to regulate the various commercial and institutional uses of nuclear mate-\nrials. The agency succeeded the Atomic Energy Commission, which previously\nhad responsibility for both developing and regulating nuclear activities.\n\nNRC\xe2\x80\x99s mission is to regulate the Nation\xe2\x80\x99s civilian use of byproduct, source, and\nspecial nuclear materials to ensure adequate protection of public health and\nsafety, promote the common defense and security, and protect the environment.\nNRC\xe2\x80\x99s regulatory mission covers three main areas:\n\n\xe2\x80\xa2 \t\x07Reactors - Commercial reactors that generate\n    electric power and research and test reactors used\n    for research, testing, and training.\n\n\xe2\x80\xa2\t   \x07 aterials - Uses of nuclear materials in medical,\n     M\n     industrial, and academic settings and facilities\n     that produce nuclear fuel.\n\n\xe2\x80\xa2\t   \x07 aste - Transportation, storage, and disposal\n     W\n     of nuclear materials and waste, and decommis-\n     sioning of nuclear facilities from service.\n\nUnder its responsibility to protect public health and safety, NRC has three\nprincipal regulatory functions: (1) establish standards and regulations, (2) issue\nlicenses for nuclear facilities and users of nuclear materials, and (3) inspect facili-\nties and users of nuclear materials to ensure compliance with the requirements.\nThese regulatory functions relate both to nuclear power plants and other uses\nof nuclear materials \xe2\x80\x93 like nuclear medicine programs at hospitals, academic\nactivities at educational institutions, research, and such industrial applications as\ngauges and testing equipment.\n\nThe NRC maintains a current Web site and a public document room at NRC\nheadquarters in Rockville, Maryland, and holds public hearings, public meetings\nin local areas and at NRC offices, and discussions with individuals and\norganizations.\n\n\t\n\n\n\n\n                                                                  October 1, 2010\xe2\x80\x93March 31, 2011   1\n\x0c                        O I G H I STO RY, M IS S IO N , a nd G oa l s\n                        OIG History\n                        In the 1970s, Government scandals, oil shortages, and stories of corrup-\n                        tion covered by newspapers, television, and radio stations took a toll on the\n                        American public\xe2\x80\x99s faith in its Government. The U.S. Congress knew it had to\n                        take action to restore the public\xe2\x80\x99s trust. It had to increase oversight of Federal\n                        programs and operations. It had to create a mechanism to evaluate the effec-\n                        tiveness of Government programs. And, it had to provide an independent voice\n                        for economy, efficiency, and effectiveness within the Federal Government that\n                        would earn and maintain the trust of the American people.\n\n                        In response, Congress passed the landmark legislation known as the Inspector\n                        General Act (IG Act), which President Jimmy Carter signed into law in 1978. The\n                        IG Act created independent Inspectors General, who would protect the integ-\n                        rity of Government; improve program efficiency and effectiveness; prevent and\n                        detect fraud, waste, and abuse in Federal agencies; and keep agency heads,\n                        Congress, and the American people fully and currently informed of the findings\n                        of IG work.\n\n                        Today, the IG concept is a proven success. The IGs continue to deliver significant\n                        benefits to our Nation. Thanks to IG audits and investigations, billions of dollars\n                        have been returned to the Federal Government or have been better spent based\n                        on recommendations identified through those audits and investigations. IG\n                        investigations have also contributed to the prosecution of thousands of wrong-\n                        doers. In addition, the IG concepts of good governance, accountability, and\n                        monetary recovery encourages foreign governments to seek advice from IGs,\n                        with the goal of replicating the basic IG principles in their own governments.\n\n                        \t\n\n                        \t\n\n\n\n\n2   N R C O I G S e m i a nn u a l R e p or t t o C ongr e ss\n\x0cOIG Mission and Goals\nNRC\xe2\x80\x99s OIG was established as a statutory entity on April 15, 1989, in accordance\nwith the 1988 amendment to the IG Act. NRC OIG\xe2\x80\x99s mission is to (1) indepen-\ndently and objectively conduct and supervise audits and investigations relating\nto NRC programs and operations; (2) prevent and detect fraud, waste, and\nabuse; and (3) promote economy, efficiency, and effectiveness in NRC programs\nand operations.\n\nOIG is committed to ensuring the integrity of NRC programs and operations.\nDeveloping an effective planning strategy is a critical aspect of accomplishing\nthis commitment. Such planning ensures that audit and investigative resources\nare used effectively. To that end, OIG developed a strategic plan1 that includes\nthe major challenges and critical risk areas facing NRC.\n\nThe plan identifies the priorities of OIG and establishes a shared set of expecta-\ntions regarding the goals OIG expects to achieve and the strategies that will be\nemployed to do so. OIG\xe2\x80\x99s Fiscal Years 2008-2013 Strategic Plan features three\ngoals, which generally align with NRC\xe2\x80\x99s mission and goals:\n\n\t      1. \x07Strengthen NRC\xe2\x80\x99s efforts to protect public health and safety and the\n           environment.\n\n       2.\t \x07Enhance NRC\xe2\x80\x99s efforts to increase security in response to an evolving\n           threat environment.\n\n       3. \x07Increase the economy, efficiency, and effectiveness with which NRC\n           manages and exercises stewardship over its resources.\n\n\n\n\n1\n    OIG\xe2\x80\x99s current strategic plan covers the period FY 2008 through FY 2013.\n\n\n\n\n                                                                              October 1, 2010\xe2\x80\x93March 31, 2011   3\n\x0cOI G P r o g r am s                              and            A c ti v iti e s\n                        A u dit Progr a m\n                        The OIG Audit Program focuses on management and financial operations;\n                        economy or efficiency with which an organization, program, or function is\n                        managed; and whether the programs achieve intended results. OIG auditors\n                        assess the degree to which an organization complies with laws, regulations, and\n                        internal policies in carrying out programs, and they test program effectiveness\n                        as well as the accuracy and reliability of financial statements. The overall\n                        objective of an audit is to identify ways to enhance agency operations and\n                        promote greater economy and efficiency. Audits comprise four phases:\n\n                        \xe2\x80\xa2\t   \x07 urvey phase - An initial phase of the audit process is used to gather\n                             S\n                             information, without detailed verification, on the agency\xe2\x80\x99s organization,\n                             programs, activities, and functions. An assessment of vulnerable areas\n                             determines whether further review is needed.\n\n                        \xe2\x80\xa2\t   \x07 erification phase - Detailed information is obtained to verify findings and\n                             V\n                             support conclusions and recommendations.\n\n                        \xe2\x80\xa2\t   \x07 eporting phase - The auditors present the information, findings, conclu-\n                             R\n                             sions, and recommendations that are supported by the evidence gathered\n                             during the survey and verification phases. Exit conferences are held with\n                             management officials to obtain their views on issues in the draft audit\n                             report. Comments from the exit conferences are presented in the published\n                             audit report, as appropriate. Formal written comments are included in their\n                             entirety as an appendix in the published audit report.\n\n                        \xe2\x80\xa2\t   \x07 esolution phase - Positive change results from the resolution process\n                             R\n                             in which management takes action to improve operations based on the\n                             recommendations in the published audit report. Management actions\n                             are monitored until final action is taken on all recommendations. When\n                             management and OIG cannot agree on the actions needed to correct a\n                             problem identified in an audit report, the issue can be taken to the NRC\n                             Chairman for resolution.\n\n                        Each September, OIG issues an Annual Plan that summarizes the audits planned\n                        for the coming fiscal year. Unanticipated high priority issues may arise that\n                        generate audits not listed in the Annual Plan. OIG audit staff continually\n                        monitor specific issues areas to strengthen OIG\xe2\x80\x99s internal coordination and\n                        overall planning process. Under the OIG Issue Area Monitor (IAM) program,\n                        staff designated as IAMs are assigned responsibility for keeping abreast of major\n                        agency programs and activities. The broad IAM areas address nuclear reactors,\n                        nuclear materials, nuclear waste, international programs, security, information\n                        management, and financial management and administrative programs.\n\n\n\n\n4   N R C O I G S e m i a nn u a l R e p or t t o C ongr e ss\n\x0cINV ESTI G AT I VE P RO G R AM\nOIG\xe2\x80\x99s responsibility for detecting and preventing fraud, waste, and abuse within\nNRC includes investigating possible violations of criminal statutes relating to\nNRC programs and activities, investigating misconduct by NRC employees, inter-\nfacing with the Department of Justice on OIG-related criminal matters, and\ncoordinating investigations and other OIG initiatives with Federal, State, and\nlocal investigative agencies and other OIGs. Investigations may be initiated as a\nresult of allegations or referrals from private citizens; licensee employees; NRC\nemployees; Congress; other Federal, State, and local law enforcement agencies;\nOIG audits; the OIG Hotline; and IG initiatives directed at areas bearing a high\npotential for fraud, waste, and abuse.\n\nBecause NRC\xe2\x80\x99s mission is to protect the health and safety of the public, OIG\xe2\x80\x99s\nInvestigative Program directs much of its resources and attention on investiga-\ntions of alleged conduct by NRC staff that could adversely impact matters related\nto health and safety. These investigations may address allegations of:\n\n\xe2\x80\xa2\t   \x07 isconduct by high-ranking NRC officials and other NRC officials, such as\n     M\n     managers and inspectors, whose positions directly impact public health and\n     safety.\n\n\xe2\x80\xa2\t   F\x07 ailure by NRC management to ensure that health and safety matters are\n      appropriately addressed.\n\n\xe2\x80\xa2\t   F\x07 ailure by NRC to appropriately transact nuclear regulation publicly and\n      candidly and to openly seek and consider the public\xe2\x80\x99s input during the\n      regulatory process.\n\n\xe2\x80\xa2\t   \x07 onflicts of interest involving NRC employees and NRC contractors and\n     C\n     licensees, including such matters as promises of future employment for\n     favorable or inappropriate treatment and the acceptance of gratuities.\n\n\xe2\x80\xa2\t   F\x07 raud in the NRC procurement program involving contractors violating\n      Government contracting laws and rules.\n\nOIG has also implemented a series of proactive initiatives designed to identify\nspecific high-risk areas that are most vulnerable to fraud, waste, and abuse.\nA primary focus is electronic-related fraud in the business environment. OIG\nis committed to improving the security of this constantly changing electronic\nbusiness environment by investigating unauthorized intrusions and computer-\nrelated fraud, and by conducting computer forensic examinations. Other proac-\ntive initiatives focus on determining instances of procurement fraud, theft of\nproperty, Government credit card abuse, and fraud in Federal programs.\n\n\n\n\n                                                                October 1, 2010\xe2\x80\x93March 31, 2011   5\n\x0c                        G E N E R AL C O U N S EL A CT IV IT IE S\n                        Regulatory Review\n                        Pursuant to the Inspector General Act, 5 U.S.C. App. 3, Section 4(a)(2), OIG\n                        reviews existing and proposed legislation, regulations, policy, and implementing\n                        management directives (MD), and makes recommendations to the agency\n                        concerning their impact on the economy and efficiency of agency programs and\n                        operations.\n\n                        Regulatory review is intended to provide assistance and guidance to the agency\n                        prior to the concurrence process so as to avoid formal implementation of\n                        potentially flawed documents. OIG does not concur or object to the agency\n                        actions reflected in the regulatory documents, but rather offers comments and\n                        requests responsive action within specified timeframes.\n\n                        Comments provided in regulatory review reflect an objective analysis of the\n                        language of proposed agency statutes, directives, regulations, and policies\n                        resulting from OIG insights from audits, investigations, and historical data and\n                        experience with agency programs. OIG review is structured so as to identify\n                        vulnerabilities and offer additional or alternative choices.\n\n                        From October 1, 2010, through March 31, 2011, OIG reviewed more than 250\n                        agency documents, including approximately 185 Commission papers (SECYs);\n                        Staff Requirements Memoranda; and 75 Federal Register Notices, regulatory\n                        actions, and statutes.\n\n                        To effectively track the agency\xe2\x80\x99s response to OIG regulatory review, comments\n                        include a request for written replies within 90 days, with either a substantive\n                        reply or status of issues raised by OIG.\n\n                        During this reporting period, the OIG commented on several management\n                        directives related to agency communications and two security related directives.\n                        In addition, OIG provided substantive observations on the agency\xe2\x80\x99s strategic\n                        plan. Also, the agency provided responsive comments for eight matters previ-\n                        ously reviewed by OIG. Significant comments and suggestions provided by OIG\n                        in our regulatory reviews during this period are summarized below.\n\n                             Management Directives\n\n                             Draft MD and Handbook 3.5, Attendance at NRC Staff-Sponsored Meetings,\n                             provides guidance so that members of the public have the opportunity to\n                             enhance their understanding of the agency\xe2\x80\x99s regulatory process through\n                             attendance at, and/or participation in, the agency\xe2\x80\x99s public meetings with\n                             applicants, licensees, and others. It also provides guidance so that all public\n                             meetings are noticed in a timely manner to inform interested stakeholders\n\n\n\n\n6   N R C O I G S e m i a nn u a l R e p or t t o C ongr e ss\n\x0cabout NRC\xe2\x80\x99s meetings so as to balance the NRC\xe2\x80\x99s objective of openness and the\npublic\xe2\x80\x99s interest in attending or participating in NRC meetings against the need\nfor the NRC staff to exercise its regulatory and safety responsibilities without\nundue administrative burden. The draft document was well organized and\npartially responsive to audit report OIG-10-A-14, NRC\xe2\x80\x99s Process for Closed Meet-\nings. The audit report recommended clearer definitions and clarification to\nensure that notices and summaries are available in the agency\xe2\x80\x99s ADAMS data-\nbase. The draft directive appeared to resolve the first issue, but the public avail-\nability of notices and summaries was not adequately addressed. In addition, the\nOIG commentary identified incorrect references and the need for consistency in\ndirections regarding notices to the public.\n\nMD and Handbook 3.7, NUREG Series Publications, was revised entirely to\nconsolidate content of existing MD 3.7, Unclassified Staff Publications in the\nNUREG Series, and 3.8, Unclassified Contractor and Grantee Publications in the\nNUREG Series, and to establish a new, simplified designator system for NUREG-\nseries publications. The revision was also intended to identify and clarify the\nresponsibilities of NRC managers, staff, and project officers and add tips for\nwriting in plain language. The OIG review found the revision to be generally\nwell constructed. OIG comments reflected concern with regard to consistency\nin identifying the Office of the General Counsel (OGC) role in publications and\nsuggested that the procedures for compiling and publishing proceedings be\ncross-referenced.\n\nMD 3.11, Conferences and Conference Proceedings, was revised with the speci-\nfied goals of identifying appropriate responsible organizations; incorporating\nnew procurement procedures; and providing information about proprietary\nand copyrighted materials, revised forms, and exhibits to illustrate appropriate\nformats for individual papers in a conference proceeding. The revision achieved\nthese objectives in a comprehensive fashion. Our comments for this document\nidentified the need for consistent direction on the role of OGC and correction of\nlisted references.\n\nDraft MD 3.12, Handling and Disposition of Foreign Documents and Transla-\ntions, was intended to clarify and update the policies and procedures appli-\ncable to NRC\xe2\x80\x99s translations program. The OIG review found that MD 3.12 and\nits associated handbook do not provide adequate guidance to NRC personnel\nwho procure translation services. OIG provided observations from our own staff\nexperience to highlight the need for more specificity in the guidance provided.\nThe OIG commentary noted that at the time of an OIG-observed NRC inspec-\ntion in Japan there was confusion on how NRC would use interpreters. The\ntwo Japanese interpreters serving the inspection team were used to sharing the\ninterpretation duties between them. That is, one would interpret for an hour\nwhile the other took a break and then they would switch roles\xe2\x80\x94and do this\nall day. This is not how NRC inspections work. The team of inspectors needed\n\n\n\n\n                                                              October 1, 2010\xe2\x80\x93March 31, 2011   7\n\x0c                        both interpreters to be available to work the full day but this was not what the\n                        interpreters expected or wanted to do. In addition, OIG related that MD 3.12\n                        may not be the best place to provide guidance for procurement of interpretive\n                        services, but it may be beneficial to ensure guidance or points of contact to get\n                        guidance are identified in MD 3.12. Further, OIG commented that for inter-\n                        pretation services for overseas inspections, guidance should be added on the\n                        amount of time these services typically take so that this time can be taken into\n                        account when scheduling overseas inspections.\n\n                        Draft MD and Handbook 3.15, Multimedia Services, was formerly titled Audio-\n                        visual and Photographic Services. The draft update was found to be complete\n                        and detailed. OIG comments corrected references and title names.\n\n                        Communication Issues\n\n                        The draft agency implementing document for Executive Order 13166,\n                        Limited English Proficiency (LEP) Plan, was generally comprehensive and well\n                        constructed. Our two primary comments identified an alternative definition of\n                        \xe2\x80\x9celigible LEP persons\xe2\x80\x9d and added a section to address law enforcement\n                        activities and language services needed for this activity.\n\n                        The purpose of draft MD 12.5, NRC Computer Security Program, is to provide\n                        guidance to appropriate security measures to protect NRC information and\n                        information systems. This includes ensuring that security measures provide\n                        the appropriate level of protection and reliable access to NRC information and\n                        information systems by authorized individuals only; the NRC automated infor-\n                        mation security program complies with the requirements of the FISMA, OMB\n                        policy guidance, and related policies, procedures, standards, and guidelines,\n                        including information security standards and guidelines for national security\n                        systems; and senior agency officials provide information security for the infor-\n                        mation and information systems that support the operations and assets under\n                        their control. The OIG comments related additional details on the role and\n                        responsibilities, evidence collection and retention and access authority of the\n                        Inspector General, as well as agency reporting requirements to the OIG.\n\n                        Draft MD 12.3, NRC Personnel Security Program, is intended to provide guid-\n                        ance to assure that NRC employees, consultants, contractors, and licensees are\n                        reliable and trustworthy to have access to NRC facilities, classified information,\n                        sensitive NRC information and equipment, nuclear power facilities, and special\n                        nuclear material. In addition to minor language changes, review of the revised\n                        directive and handbook resulted in comments suggesting that consistent align-\n                        ment in the organizational responsibilities sections would add additional clarity.\n\n                        NRC Strategic Plan\n\n                        The OIG comments on the draft strategic plan focused generally on two\n                        matters: the failure to address FY 2011 Inspector General Management and\n                        Performance Challenge, \xe2\x80\x9cAdministration of all aspects of financial manage-\n\n\n\n8   N R C O I G S e m i a nn u a l R e p or t t o C ongr e ss\n\x0c  ment and procurement,\xe2\x80\x9d and that removal of references to the construction\n  of a high-level waste facility appeared to be premature in view of the ongoing\n  legal disputes involving this matter. In addition, OIG related that the plan did\n  not appear to address the loss of retiring employees who possess fungible skills\n  and the capability of remaining staff to address issues associated with legacy\n  facilities that are undergoing relicensing.\n\n\n\n\nOTHER A C T I VI T I E S\nNRC OIG Receives CIGIE Award for Excellence\nIn 2010, the Council of the Inspectors General on\nIntegrity and Efficiency recognized an OIG audit team\nwith the prestigious CIGIE Award for Excellence. The\naudit team was recognized for exceptional perfor-\nmance in identifying opportunities for improvement\nin NRC\xe2\x80\x99s construction inspection program for civilian-\nuse nuclear reactor and fuel cycle facilities built in the\nUnited States. The team consisted of Sherri Miotla,\nTeam Leader; Catherine Colleli, Audit Manager;\nEric Rivera, Audit Manager; and Tim Wilson, Senior\nAnalyst.\n                                                                 OIG receives CIGIE Award. Pictured left to right are Eric\nIn recent years, there has been renewed worldwide            Rivera, Audit Manager; Sherri A. Miotla, Team Leader;\ninterest in constructing nuclear facilities. NRC is respon-  Steven E. Zane, Deputy Assistant Inspector General for\n                                                             Audits; Timothy Wilson, Senior Analyst; Hubert T. Bell,\nsible for licensing and inspecting construction activities   Inspector General; Catherine M. Colleli, Audit Manager;\nof new civilian-use nuclear reactor and fuel cycle facili-   David C. Lee, Deputy Inspector General; and Stephen D.\nties built in the United States. The nuclear industry is     Dingbaum, Assistant Inspector General for Audits.\nresponsible for ensuring that the design and construc-\ntion of these facilities are in accordance with applicable NRC regulations.\n\nDuring the 1970s and 1980s, NRC and its predecessor, the Atomic Energy\nCommission, oversaw the industry\xe2\x80\x99s construction of the first generation of U.S.\nnuclear plants. Several of the construction projects experienced significant\nproblems related to design and construction quality resulting in the cancel-\nlation of several plants in various stages of construction. Congress, at that\ntime, questioned NRC\xe2\x80\x99s ability to provide effective regulatory oversight of the\nconstruction activities and directed the agency to study ways to improve quality\nin the construction of future plants. In response to the congressional directive,\nNRC issued, in May 1984, NUREG-1055, Improving Quality and the Assurance\nof Quality in the Design and Construction of Nuclear Power Plants: A Report to\nCongress. The report concluded that NRC\xe2\x80\x99s inspection practices were inadequate\nand offered several recommendations to improve NRC programs.\n\nIn 2006, NRC reorganized in response to the anticipated new reactor licensing\nand construction inspection workload. The Office of New Reactors was created\nwith the primary responsibility for developing the agency\xe2\x80\x99s construction\n\n\n                                                                     October 1, 2010\xe2\x80\x93March 31, 2011                   9\n\x0c                       inspection program and its associated program guidance. This program was\n                       designed to ensure that plants are built in accordance with the approved design\n                       and licensing requirements and will operate in compliance with NRC regulations.\n\n                       The audit team found2 that NRC\xe2\x80\x99s process for identifying construction lessons\n                       learned contains some, but not all, of the key elements of a successful program.\n                       While NRC\xe2\x80\x99s guidance document lays out the foundation for gathering lessons\n                       learned data related to construction, it does not comprehensively contain all the\n                       key elements identified as important to the success of an organization\xe2\x80\x99s lessons\n                       learned program. The agency falls short in formally identifying a lessons learned\n                       definition, collection and implementation procedures, as well as appropriate\n                       resources. NRC\xe2\x80\x99s culture regarding its construction lessons learned process also\n                       tends to be informal. More specifically,\n\n                       \xe2\x80\xa2 \x07The agency has not formally identified a lessons learned definition, presuming\n                          that the definition is commonly understood. Yet, all have different under-\n                         standings and expectations for what it might include with most believing that\n                         lessons learned are negative events and not allowing for the possibility of\n                         including a positive event.\n\n                       \xe2\x80\xa2 \x07While the agency has incorporated guidance for maintaining and improving\n                          its lessons learned process, it lacks formal criteria to help identify which issues\n                          must be brought forward for management consideration.\n\n                       \xe2\x80\xa2 \x07The agency does not have a procedure that documents how lessons learned\n                          are implemented through the Construction Inspection Program.\n\n                       \xe2\x80\xa2 \x07The agency does not identify the level of expertise required for staff\n                          involvement in the construction lessons learned evaluation process.\n\n                       As such, the lack of well-developed guidance could jeopardize the construction\n                       inspection program\xe2\x80\x99s goal to prevent recurrences of construction related\n                       problems and may compromise the public\xe2\x80\x99s confidence in NRC\xe2\x80\x99s ability to\n                       effectively oversee new nuclear construction projects.\n\n                       Moreover, the successful implementation of the construction inspection program\n                       is closely tied to the level of experience and qualifications of the agency\xe2\x80\x99s\n                       inspectors. However, a majority of NRC\xe2\x80\x99s construction inspection staff will have\n                       little, if any, actual experience overseeing construction activities. For fiscal year\n                       2009, the agency budgeted $243.5 million, including 819 full-time equivalent\n                       staff, for new reactor activities to include the construction inspection program.\n                       These staff members provide varying amounts of support to the program on an\n                       ongoing basis.\n\n\n\n                        2\n                            \x07Audit findings described were presented in OIG-09-A-17, Audit of NRC\xe2\x80\x99s Oversight of\n                             Construction at New Nuclear Facilities (September 29, 2009).\n\n\n\n10   N R C O I G S e m i a nn u a l R e p or t t o C ongr e ss\n\x0cWithout fully developed guidance, agency inspection staff could miss\nopportunities to identify and analyze potentially significant negative and\npositive lessons learned associated with construction activities. This becomes\nespecially important in NRC\xe2\x80\x99s current regulatory environment, which has seen no\nnew domestic nuclear power plant construction in more than 20 years.\n\nThe audit team made a comprehensive recommendation to enhance the agen-\ncy\xe2\x80\x99s construction inspection program and its associated guidance to include key\nelements identified as important to the success of an organization\xe2\x80\x99s lessons\nlearned program. The agency agreed with the recommendation and is imple-\nmenting corrective actions to improve its program for the construction of\ncivilian-use nuclear reactor and fuel cycle facilities built in the United States.\n\n\n\n\nManagement                        and        P e r f o r ma n c e\nChallenges\n             Most Serious Management and Performance Challenges\n                  Facing the Nuclear Regulatory Commission *\n                              as of October 1, 2010\n                     (as identified by the Inspector General)\n\n  Challenge 1\t Protection of nuclear material used for civilian purposes.\n\n  Challenge 2\t\x07Managing information to balance security with openness and\n               accountability.\n\n  Challenge 3\t\x07Ability to modify regulatory processes to meet a changing\n               environment, to include the licensing of new nuclear facilities.\n\n  Challenge 4\t Oversight of radiological waste.\n\n  Challenge 5\t\x07Implementation of information technology and information\n               security measures.\n\n  Challenge 6\t\x07Administration of all aspects of financial management and\n               procurement.\n\n  Challenge 7\t Managing human capital.\n\n\n  *\x07The most serious management and performance challenges are not ranked in\n    any order of importance.\n\n\n\n\n                                                              October 1, 2010\xe2\x80\x93March 31, 2011   11\n\x0cA u d it s\n                                To help the agency improve its effectiveness and efficiency during this period,\n                                OIG completed nine financial and performance audits or evaluations, six of\n                                which are summarized here that resulted in numerous recommendations to NRC\n                                management.\n\n                                AUD I T SUMMA R IE S\n                                Audit of NRC\xe2\x80\x99s Non-Concurrence Process\n                                OIG Strategic Goal: Safety\n             Non-Concurrence Process\n                                                       The non-concurrence process is part of the agency\xe2\x80\x99s\n                                                       Differing Views Program, and is managed by the Office\n                                                       of Enforcement. NRC\xe2\x80\x99s implementation of an agency-\n                                                       wide non-concurrence process supports the agency\xe2\x80\x99s goal\n                                                       of promoting an open collaborative work environment,\n                                                       which values collaborative decisionmaking, diverse views,\n                                                       unbiased evaluations, and honest feedback on how deci-\n                                                       sions are made. The non-concurrence process was devel-\n                                                       oped to promote discussion and consideration of differing\n                                                       views on draft documents, provide a non-concurrence\n                                                       option for individuals with concerns who had a role in\n                                                       creating or reviewing draft documents, and provide a\n                                                       uniform approach for processing non-concurrences.\n\n                                                         The Executive Director for Operations issued draft MD\n                                                         and Handbook 10.158, NRC Non-Concurrence Process,\n                                                         via Yellow Announcement on November 29, 2006. The\n                                                         Yellow Announcement directed staff to follow the\nSource: MD 10.158, Appendix A\n                                requirements in the interim directive and handbook, which were to supersede\n                                any existing office-level non-concurrence procedures. At the time of its 2006\n                                issuance, MD 10.158 was expected to remain in interim status for approximately\n                                1 year to gain operating experience to make informed revisions to the directive\n                                before its finalization. Finalization of MD 10.158 was further prolonged after\n                                the initial 1-year period to gain additional operating experience. Currently, MD\n                                10.158 remains in interim status and is scheduled to be finalized in June 2013.\n\n                                The audit objective was to determine if the agency\xe2\x80\x99s non-concurrence process is\n                                operating as intended.\n\n                                Audit Results:\n                                The agency\xe2\x80\x99s non-concurrence process is a valuable tool in facilitating discussion\n                                of differing views between staff and management and is generally implemented\n                                as it was intended. However, OIG identified opportunities for improvement\n                                within the non-concurrence process in the following two areas:\n\n                                \xe2\x80\xa2\t   Agency guidance and training.\n\n\n12     N R C O I G S e m i a nn u a l R e p or t t o C ongr e ss\n\x0c\xe2\x80\xa2\t    Capture and review of operating experience.\n\nAgency Guidance and Training on Non-Concurrence Process Can Be Improved\n\nAlthough the agency provides guidance and training on the non-concurrence\nprocess, the guidance is incomplete and the training is limited. Providing properly\nimplemented guidance and training that effectively communicate policies, objec-\ntives, responsibilities, authorities, requirements, and information to employees are\nessential human capital practices that help to ensure employees have the knowl-\nedge and skills to perform their job and accomplish the agency mission. However,\nagency guidance on the non-concurrence process is imprecise and remains in\nprolonged interim status. Furthermore, interviews with staff and managers who\nhave been involved in the process revealed that 70 percent did not understand\ntheir respective rights, roles, and responsibilities under the process as compared\nto that described in MD 10.158. In addition, 51 percent exhibited a misunder-\nstanding of the purpose and expectations for implementing the process.\n\nTraining on the agency\xe2\x80\x99s non-concurrence process is not provided in a medium that\nis routinely available to all staff when they need it. Without precise guidance and\ntimely training, the non-concurrence process will continue to be inconsistently imple-\nmented and staff will perceive the process as ineffective and inefficient. Furthermore,\nsome staff are hesitant to raise differing views through the agency\xe2\x80\x99s non-concurrence\nprocess because they perceive a negative stigma attached to the process.\n\nNon-Concurrence Operating Experience Is Not Routinely or Comprehensively\nCaptured or Reviewed\n\nMD 10.158 was implemented as interim guidance in November 2006 with the\nintention that the agency gain operating experience in order to make informed\nrevisions to the directive prior to its final issuance. According to management, a\nprolonged interim status would allow operating experience to be gained, which,\nin turn, would be used to make informed revisions to the management directive.\nProgram management best practices include strategies for routinely reviewing\nand capturing operating experience. However, because the non-concurrence\nprocess was implemented by design without a requirement to conduct regular\nprogram reviews, operating experience is not being formally captured or\nreviewed. As a result, it would be difficult for program management to perform\na comprehensive assessment of the non-concurrence process and determine\nwhat revisions are needed to improve MD 10.158. Furthermore, the agency\xe2\x80\x99s\nknowledge management initiative is negatively impacted when Forms 757,\n\xe2\x80\x9cNon-Concurrence Process,\xe2\x80\x9d3 which are key decisionmaking documents, are\ninconsistently tracked, profiled, and retained.\n\n(Addresses Management and Performance Challenge # 2)\n\n\n3\n    \x07 RC Form 757 is a key decisionmaking document specific to the agency\xe2\x80\x99s non-concurrence\n    N\n    process that provides a forum for the non-concurring individual, select document contributors,\n    and management to respectively document and address concerns regarding a draft document.\n\n\n\n                                                                           October 1, 2010\xe2\x80\x93March 31, 2011   13\n\x0c                       Independent Evaluation of NRC\xe2\x80\x99s Implementation of the\n                       Federal Information Security Management Act for Fiscal\n                       Year 2010\n                       OIG Strategic Goal: Security\n                       On December 17, 2002, the President signed the E-Government Act of 2002,\n                       which included the Federal Information Security Management Act (FISMA) of\n                       2002.4 FISMA outlines the information security management requirements for\n                       agencies, which include an annual independent evaluation of an agency\xe2\x80\x99s\n                       information security program5 and practices to determine their effectiveness.\n                       This evaluation must include testing the effectiveness of information security\n                       policies, procedures, and practices for a representative subset of the agency\xe2\x80\x99s\n                       information systems. FISMA requires the annual evaluation to be performed by\n                       the IG or by an independent external auditor. OMB memorandum M-10-15,\n                       FY 2010 Reporting Instructions for the Federal Information Security\n                       Management Act and Agency Privacy Management, dated April 21, 2010,\n                       requires the agency\xe2\x80\x99s OIG to report their responses to OMB\xe2\x80\x99s annual FISMA\n                       reporting questions for OIGs via an automated collection tool.\n\n                       The objective of this review was to perform an independent evaluation of the\n                       NRC\xe2\x80\x99s implementation of FISMA for FY 2010.\n\n                       As of completion of fieldwork, NRC had 25 operational systems that fall under\n                       FISMA reporting requirements.6 Of the 25, 8 are general support systems,7 and\n                       17 are major applications.8 NRC had three systems operated by a contractor\n                       or other organization on behalf of the agency (one major application and two\n                       general support systems).\n\n\n\n\n                       4\n                           \x07The Federal Information Security Management Act of 2002 was enacted on December 17, 2002,\n                            as part of the E-Government Act of 2002 (Public Law 107-347) and replaces the E-Government\n                            Information Security Reform Act, which expired in November 2002.\n                       5\n                           \x07For the purposes of FISMA, the agency uses the term \xe2\x80\x9cinformation system security program.\xe2\x80\x9d\n                       6\n                           \x07NRC also has a number of major applications and general support systems currently in\n                            development. For FISMA reporting purposes, only operational systems are considered.\n                       7\n                           \x07A general support system is an interconnected set of information resources under the same direct\n                            management control that share common functionality. Typical general support systems are local\n                            and wide area networks, servers, and data processing centers.\n                       8\n                           \x07A major application is a computerized information system or application that requires special\n                            attention to security because of the risk and magnitude of harm that would result from the loss,\n                            misuse, or unauthorized access to or modification of the information in the application.\n\n\n\n\n14   N R C O I G S e m i a nn u a l R e p or t t o C ongr e ss\n\x0c                                                   Total Number of Agency and Contractor Systems\n                                                               and Numbers Reviewed\n                                                           by FIBS 199 System Impact Level\nEvaluation Results:\nProgram Enhancements and\nImprovements\n\nOver the past 8 years, NRC has continued\nto make improvements to its information\nsystem security program and continues to\nmake progress in implementing the recom-                                                  Source: OIG Data\nmendations resulting from previous FISMA evaluations.\nThe agency has accomplished the following since the FY 2009 FISMA\nindependent evaluation:\n\n\xe2\x80\xa2\t   The agency continued to make significant progress in certifying and accrediting\n     its systems. For the first time since 2001, when reporting on certification and\n     accreditation began under Government Information Security Reform Act, all\n     NRC operational systems, including all contractor systems for which NRC has\n     direct oversight, have a current certification and accreditation. In FY 2010,\n     the agency completed certification and accreditation of three existing agency\n     systems and two new systems, and reaccredited four agency systems. As of\n     the completion of fieldwork for FY 2010, all 25 operational NRC information\n     systems and all 3 systems used or operated by a contractor or other organiza-\n     tion on behalf of the agency had a current certification and accreditation.\n\n\xe2\x80\xa2\t   The agency completed or updated security plans for all of the agency\xe2\x80\x99s 25\n     operational systems and for all 3 contractor systems.\n\n\xe2\x80\xa2\t   The agency completed annual security control testing for all agency systems\n     and for all contractor systems.\n\n\xe2\x80\xa2\t   The agency completed annual contingency plan testing for all but one agency\n     system and for all contractor systems, including updating the contingency plans.\n\n\xe2\x80\xa2\t   The agency issued several new Computer Security Office processes including the\n     NRC Agency-wide Continuous Monitoring Program, the NRC Security Impact\n     Assessment Process, and the NRC Plan of Action and Milestones (POA&M)\n     Process.\n\nProgram Weakness\n\nWhile the agency has continued to make improvements in its information system\nsecurity program and has made progress in implementing the recommendations\nresulting from previous FISMA evaluations, the independent evaluation identi-\nfied one information system security program weakness\xe2\x80\x93\xe2\x80\x94a repeat finding from\nseveral previous independent evaluations: the agency\xe2\x80\x99s POA&M program still needs\nimprovement.\n\n(Addresses Management and Performance Challenge # 5)\n\n\n\n                                                             October 1, 2010\xe2\x80\x93March 31, 2011           15\n\x0c                       Results of the Audit of the Nuclear Regulatory Commission\xe2\x80\x99s\n                       Financial Statements for Fiscal Years 2010 and 2009\n                       OIG Strategic Goal: Corporate Management\n                       The Chief Financial Officers Act of 1990, as amended, requires the Inspector\n                       General or an independent external auditor, as determined by the Inspector\n                       General, to annually audit NRC\xe2\x80\x99s financial statements to determine whether\n                       the agency\xe2\x80\x99s financial statements are free of material misstatement. The audit\n                       includes examining, on a test basis, evidence supporting the amounts and\n                       disclosures in the financial statements. It also includes assessing the accounting\n                       principles used and significant estimates made by management as well as\n                       evaluating the overall financial statement presentation.\n\n                       In addition, the audit evaluated the effectiveness of internal controls over\n                       financial reporting and the agency\xe2\x80\x99s compliance with laws and regulations.\n\n                       Audit Results:\n                       Financial Statements\n                       The auditors expressed an unqualified opinion on the agency\xe2\x80\x99s FY 2010 and 2009\n                       financial statements.\n\n                       Internal Controls\n                       The auditors expressed an unqualified opinion on the agency\xe2\x80\x99s internal controls.\n\n                       Compliance with Laws and Regulations\n                       The auditors found no reportable instances of noncompliance with laws and\n                       regulations.\n\n                       (Addresses Management and Performance Challenge #6)\n\n\n\n                       Audit of NRC\xe2\x80\x99s Implementation of 10 CFR Part 21,\n                       Reporting of Defects and Noncompliance\n                       OIG Strategic Goal: Safety\n                       NRC endeavors to protect the public health and safety and the environment\n                       through the regulation of the 104 operating nuclear power plants in the United\n                       States. The Energy Reorganization Act of 1974, as amended, Section 206,\n                       Noncompliance,9 provides the statutory basis for NRC guidance and regulations\n                       that pertain to reporting component defects10 in operating reactors. Specifically,\n                       Section 206 requires licensees that operate nuclear power plants to notify NRC\n\n\n\n                        9\n                            \x07For the purposes of this report, Energy Reorganization Act of 1974, as amended, Section 206,\n                             Noncompliance is referred to as Section 206.\n\n\n\n\n16   N R C O I G S e m i a nn u a l R e p or t t o C ongr e ss\n\x0c                                                                                              Defect Reporting vs.\n                                                                                           Event Reporting Differences\nof defects in basic components11 that could cause a\nsubstantial safety hazard.12\n\nNRC uses Title 10, CFR, Part 21, Reporting of Defects and\nNoncompliance (Part 21) to implement the provisions of\nSection 206. Part 21 requires that licensees inform NRC if\nthey obtain information that indicates that basic compo-\nnents fail to comply with regulatory requirements relating\nto substantial safety hazards or contain defects that could\ncreate a substantial safety hazard. NRC revised Part 21 in\n1991. Among other things, the revision was intended to                             Source: OIG analysis of NRC Data\n\nreduce duplicative licensee reporting require-\nments, and allow for reporting of defects              Reports from Nuclear Power Plants, 1998-2009\nunder NRC event reporting regulations.\nThese NRC event reporting regulations are\ncontained in Title 10, Code of Federal Regu-\nlations, Part 50.72 and Part 50.73 (Part 50\nSections 72/73).\n\nThere are differences between Part 21 and\nPart 50 Sections 72/73 reporting require-\nments. One difference is that Part 21 concerns\nitself with component defect reporting,\nwhereas Part 50 Sections 72/73 describe event                                      Source: OIG analysis of NRC Data\n\nreporting. Consequently, the thresholds for reporting a component defect under\nPart 21 are different than those for Part 50 Sections 72/73. Another difference is\nthat Part 21 defect reporting requires an evaluation and report if the defect could\ncause a loss of safety function, whereas Part 50 Sections 72/73 events require\nreporting of only actual losses of safety function. In addition, Part 21 defect\nreporting requirements include individual component failures if the failures are\ncaused by a defect. Part 50 Sections 72/73 would not require reporting of an\nindividual component failure unless the failure caused a loss of safety function.\n\nTo illustrate the difference, two nuclear power plants could experience the same\nbasic component failure due to a defect that did not cause an event. Some\nlicensees interpret this as reportable under Part 21, whereas others do not, since\n\n\n10 \x07\n     A defect is a deviation in a basic component delivered to a purchaser for use in operating nuclear\n     power plants if, on the basis of an evaluation, the deviation could create a substantial safety\n     hazard.\n11\n     \x07 basic component is a structure, system, or component that assures the integrity of the reactor\n     A\n     coolant pressure boundary; the capability to shut down the reactor and maintain it in a safe\n     shutdown condition; or the capability to prevent or mitigate the consequences of accidents. It is,\n     essentially, a safety-related component.\n12\n     \x07 substantial safety hazard is the loss of safety function to the extent that there is a major reduc-\n     A\n     tion in the degree of protection provided to public health and safety. Safety functions are neces-\n     sary to ensure the integrity of the reactor coolant pressure boundary, the capability to shut down\n     the reactor and maintain it in a safe shutdown condition, or the capability to prevent or mitigate\n     the consequences of accidents that could result in certain potential offsite exposures.\n\n\n\n                                                                               October 1, 2010\xe2\x80\x93March 31, 2011            17\n\x0c                       an event did not occur based on Part 50 Sections 72/73. However, Section 206\n                       (which provides the statutory basis for Part 21) requires reporting of component\n                       defects that could cause a loss of safety function as well as those that did cause\n                       an actual loss of safety function.13\n\n                       The audit objective was to determine if NRC\xe2\x80\x99s implementation of Federal\n                       regulations requiring reactor licensees to report defects contained in installed\n                       equipment is meeting the intent of the Energy Reorganization Act of 1974, as\n                       amended, Section 206, Noncompliance.\n\n                       Audit Results:\n                       NRC staff has initiated action to better align NRC\xe2\x80\x99s defect reporting guidance\n                       with Section 206 of the Energy Reorganization Act. However, NRC will need\n                       to take further action so that NRC\xe2\x80\x99s implementation of Part 21 fully meets the\n                       intent of Section 206.\n\n                       Despite Section 206 requirements for licensees that operate nuclear power plants\n                       to notify NRC of defects in basic components that could cause a substantial\n                       safety hazard, NRC staff have noted Part 21 reporting issues, and OIG analysis of\n                       industry data indicate that there are apparent unreported Part 21 defects. For\n                       example, an NRC staff analysis of Part 50 Sections 72/73 event reports of events\n                       with potential Part 21 implications during the period December 2009 through\n                       September 2010 identified 24 instances of events that had not been reported\n                       under Part 21 despite implications that such reporting may have been warranted.\n                       OIG independently analyzed Part 50 Sections 72/73 event reports and found 11\n                       that contained apparent Part 21 reportable defects where the licensee had not\n                       indicated that it conducted a Part 21 evaluation or provided a Part 21 report.\n\n                       These reporting issues exist because NRC regulations and guidance for imple-\n                       menting Section 206 are contradictory and unclear, and the NRC Baseline Inspec-\n                       tion Program does not include requirements to inspect licensee reporting of Part\n                       21 defects. Incomplete implementation of Section 206 could reduce the margin\n                       of safety for operating nuclear power reactors as NRC may remain unaware of\n                       component failures that have resulted from manufacturing defects. Unless NRC\n                       takes action to fully implement Section 206, staff and stakeholders may not be\n                       notified of component defects. Additionally, NRC inspectors face difficulties in\n                       enforcing defect reporting given the lack of clarity in Part 21 and related guidance.\n\n                       (Addresses Management and Performance Challenges #1 and #3)\n\n\n\n                       13\n                            \x07 art 50 Sections 72/73 require power reactor licensees to notify NRC of any event or condition\n                            P\n                            that at the time of discovery could have prevented the fulfillment of the safety function of struc-\n                            tures or systems that are needed to (A) shut down the reactor and maintain it in a safe shut-\n                            down condition, (B) remove residual heat, (C) control the release of radioactive material, or (D)\n                            mitigate the consequences of an accident. Furthermore, Part 50 Sections 72/73 state that events\n                            required to be reported under Part 50 Sections 72/73 may include one or more procedural errors;\n                            equipment failures; and/or discovery of design, analysis, fabrication, construction, and/or proce-\n                            dural inadequacies. However, individual component failures need not be reported under Part\n                            50 Sections 72/73 if redundant equipment in the same system was operable and available to\n                            perform the required safety function.\n\n\n\n18   N R C O I G S e m i a nn u a l R e p or t t o C ongr e ss\n\x0cAudit of NRC\xe2\x80\x99s Implementation of HSPD-12 Phase 2\nOIG Strategic Goal: Security\nHomeland Security Presidential Directive 12 (HSPD-12) is a Presidential\ndirective issued in August 2004. HSPD-12 states that it is national policy to\n\xe2\x80\x9cenhance security, increase E-Government efficiency, reduce identity fraud, and\nprotect personal privacy\xe2\x80\x9d by establishing common identification standards for\nall Federal Government employees and contractors.14 Further, HSPD-12 directs\nexecutive branch agencies to use standardized identification to gain physical\naccess to Federal facilities and logical access to Federal information systems. As\na Federal executive branch agency,15 NRC is required to comply with HSPD-12\nrequirements.\n\nOMB is responsible for issuing implementation guidance and ensuring Federal\nagencies\xe2\x80\x99 compliance with this guidance. OMB is also responsible for ensuring\nagency compliance with technical standards issued by the Secretary of\nCommerce. The National Institute of Standards and Technology\xe2\x80\x94an organiza-\ntion within the Department of Commerce\xe2\x80\x94established basic technical standards\nin Federal Information Processing Standards Publication 201 (FIPS 201).16\n\nFIPS 201 prescribes standards for verifying the identities of Federal employees\nand contractors,17 issuing identification cards known as Personal Identity\nVerification (PIV) cards,18 and managing data systems to support use of PIV cards.\n\nUse of PIV cards is a basic element of a broader Federal Government initiative\ncalled Identity, Credential, and Access Management (ICAM), which aims to carry\nout specific provisions as well as the full intent of HSPD-12. ICAM programs\nhave two main areas of operations: physical access control systems (PACS), which\nprovide physical security at Federal facilities, and logical access control systems\n(LACS), which address the security of Federal computer networks.\n\nNRC\xe2\x80\x99s Office of Administration (ADM) has primary responsibility for PACS\nimplementation, including installation and maintenance of PIV card readers\nthat control access at doors and other entry points at NRC facilities. At the\nend of this audit, NRC had completed installation of PIV card readers and the\nsupporting data system within headquarters buildings. However, ADM staff told\nauditors that PACS deployment at NRC regional offices was ongoing and would\nlikely continue through the first half of calendar year 2011.\n14\n     \x07 omeland Security Presidential Directive 12, Policy for a Common Identification Standard for\n     H\n     Federal Employees and Contractors, August 27, 2004.\n15\n     \x07Title 5 U.S. Code \xc2\xa7105.\n16\n     \x07 ederal Information Processing Standards Publication 201-1, Personal Identity Verification\n     F\n     (PIV) of Federal Employees and Contractors, National Institute of Standards and Technology,\n     March 2006.\n17\n     \x07FIPS 201 refers to this process as identity proofing.\n18\n     S\x07 pecifically, FIPS 201 describes PIV card elements, system interfaces, and security controls\n      required to securely store, process, and retrieve identity credentials from the PIV card. Physical\n      card characteristics, storage media, and data elements that make up identity credentials are\n      specified in this standard.\n\n\n                                                                               October 1, 2010\xe2\x80\x93March 31, 2011   19\n\x0c     HSPD-12 Badge and reader               NRC\xe2\x80\x99s Office of Information Services (OIS) provides information\n                                            technology support for PACS, and has primary responsibility for\n                                            forthcoming efforts to implement LACS at employees\xe2\x80\x99 computer\n                                            workstations. To implement LACS, NRC will equip employee\n                                            workstations with PIV card readers, and the cards will authenti-\n                                            cate users to NRC\xe2\x80\x99s network in lieu of multiple currently required\n                                            application-specific passwords. OIS has started a pilot LACS\n                                            program and expects to begin implementing the technology\n                                            agencywide by the end of calendar year 2011.19\n\n                                            The audit objective was to assess whether NRC has effectively\nSource: NRC                                 implemented its ICAM programs.\n\n                         Audit Results:\t\n                         NRC completed implementation of the PACS portion of its ICAM program at\n                         headquarters facilities during calendar year 2010, and expects to conclude this\n                         work at regional offices during the first half of calendar year 2011. All NRC staff\n                         and contractors eligible for the new PIV identification cards required by HSPD-12\n                         have obtained these cards, and NRC continues to integrate PIV card technology\n                         with physical security upgrades at its facilities. Further, NRC has begun piloting\n                         the use of LACS at employees\xe2\x80\x99 computer workstations to enhance network\n                         security and simplify the log-in process.\n\n                         Based on NRC\xe2\x80\x99s experience in transitioning to the new PACS technology, OIG\n                         identified opportunities to facilitate the NRC\xe2\x80\x99s LACS implementation through\n                         improved employee outreach and training. For example, NRC conducted\n                         limited outreach activities and no formal user training in preparation for PACS\n                         implementation. While this had relatively minor effects on employee attitudes\n                         toward and understanding of PACS use, NRC\xe2\x80\x99s forthcoming LACS implementa-\n                         tion will significantly impact policies and procedures for accessing NRC computer\n                         networks. Consequently, NRC employees must have a clear understanding of\n                         these policies and procedures to avoid disruptions that could adversely affect\n                         employee productivity.\n\n                         (Addresses Management and Performance Challenges #5)\n\n\n\n                         Inspector General\xe2\x80\x99s Assessment of the Most Serious\n                         Management and Performance Challenges Facing NRC\n                         OIG Strategic Goal: Corporate Management\n                         The Reports Consolidation Act of 2000 requires the Inspector General (IG) of\n                         each Federal agency to summarize annually what he or she considers to be the\n                         most serious management and performance challenges facing the agency and to\n                         assess the agency\xe2\x80\x99s progress in addressing those challenges.\n\n                         19\n                              \x07 wo NRC computer applications\xe2\x80\x94the National Source Tracking System and the Safeguards\n                              T\n                              Information Local Area Network and Electronic Safe\xe2\x80\x94already employ LACS technology.\n\n\n\n20     N R C O I G S e m i a nn u a l R e p or t t o C ongr e ss\n\x0cIn accordance with the act, the IG at the NRC updated what he considered to be the\nmost serious management and performance challenges facing NRC as of October 1,\n2010. The IG evaluated the overall work of the OIG, the OIG staff\xe2\x80\x99s general knowl-\nedge of agency operations, and other relevant information to develop and update\nhis list of management and performance challenges. As part of the evaluation,\nOIG staff sought input from NRC\xe2\x80\x99s Chairman, Commissioners, and management to\nobtain their views on what challenges the agency is facing and what efforts the\nagency has taken to address previously identified management challenges.\n\nAudit Results:\nThe IG identified seven challenges that he considered the most serious management\nand performance challenges facing NRC as of October 1, 2010. The challenges iden-\ntify critical areas or difficult tasks that warrant high-level management attention.\n\nThe 2010 list of challenges reflects one change from the 2009 list. Prior Challenge 6,\nAdministration of all aspects of financial management, was reworded to include a\nreference to procurement. The new wording, Administration of all aspects of\nfinancial management and procurement, is intended to reflect the overarching\nresponsibility that NRC has to manage and exercise stewardship over its resources.\n\nThe following chart provides an overview of the seven most serious\nmanagement and performance challenges as of October 1, 2010.\n\n              Most Serious Management and Performance Challenges\n                   Facing the Nuclear Regulatory Commission *\n                               as of October 1, 2010\n                      (as identified by the Inspector General)\n\n  Challenge 1\t Protection of nuclear material used for civilian purposes.\n\n  Challenge 2\t\x07Managing information to balance security with openness and\n               accountability.\n\n  Challenge 3\t\x07Ability to modify regulatory processes to meet a changing\n               environment, to include the licensing of new nuclear facilities.\n\n  Challenge 4\t Oversight of radiological waste.\n\n  Challenge 5\t\x07Implementation of information technology and information\n               security measures.\n\n  Challenge 6\t\x07Administration of all aspects of financial management and\n               procurement.\n\n  Challenge 7\t Managing human capital.\n\n  *\x07The most serious management and performance challenges are not ranked\n    in any order of importance.\n\n(Addresses All Management and Performance Challenges)\n\n\n\n                                                                October 1, 2010\xe2\x80\x93March 31, 2011   21\n\x0c                       AUD I T S I N P RO G R E S S\n                       Audit of the NRC\xe2\x80\x99s Shared Drives\n                       OIG Strategic Goal: Security\n                       NRC employees save documents on various drives on the agency\xe2\x80\x99s networks.\n                       Most drives limit access to individual employees, offices, or other organizational\n                       units. However, some drives on the network allow NRC employees to read or\n                       edit documents stored on shared drives regardless of employees\xe2\x80\x99 organizational\n                       affiliations or need to access the documents. These shared drives facilitate\n                       collaboration among NRC employees by enabling them to exchange information\n                       across organizational lines.\n\n                       NRC directs that shared drives be used to process non-sensitive information only.\n                       Sensitive non-safeguards information requires a higher level of control than is\n                       easily possible on shared drives; consequently, sensitive non-safeguards\n                       information is not supposed to be processed on shared drives.\n\n                       Following recommendations from a 2006 OIG audit, NRC scans networks on\n                       an annual basis to determine whether one type of sensitive non-safeguards\n                       information \xe2\x80\x93 personally identifiable information, or \xe2\x80\x9cPII\xe2\x80\x9d\xe2\x80\x94 is stored on agency\n                       drives. If the automated scans detect documents containing PII on the agency\xe2\x80\x99s\n                       network, NRC contacts document owners, who are then responsible for\n                       determining the proper solution for managing the documents in question. In\n                       some cases, the documents may be expunged; in other cases, the documents\n                       may continue to be stored on NRC\xe2\x80\x99s network.\n\n                       Despite NRC\xe2\x80\x99s procedures for PII scanning, and despite periodic announcements\n                       reminding NRC employees of their responsibilities for safeguarding PII and\n                       other forms of sensitive non-safeguards information, NRC staff have expressed\n                       concerns to OIG that agency policies and procedures are not consistently\n                       implemented.\n\n                       The audit objective is to assess whether NRC effectively safeguards personally\n                       identifiable information and other sensitive information on the agency\xe2\x80\x99s\n                       shared drives.\n\n                       (Addresses Management and Performance Challenge #5)\n\n\n\n\n22   N R C O I G S e m i a nn u a l R e p or t t o C ongr e ss\n\x0cEvaluation of the Contract Award Process\nOIG Strategic Goal: Corporate Management\nIt is NRC\xe2\x80\x99s policy that acquisitions of supplies and services support the\nagency\xe2\x80\x99s mission; are planned, awarded, and administered efficiently and\neffectively; and are accomplished in accordance with applicable Federal statutes\nand procurement regulations. NRC acquisitions must adhere to the Federal\nAcquisition Regulation (FAR) and the NRC Acquisition Regulation (NRCAR). The\nFederal acquisition process is intended, among other objectives, to satisfy the\ncustomer in terms of cost, quality, and timeliness of the delivered product or\nservice. The vision for the Federal acquisition process is to deliver on a timely\nbasis the best value product or service to the customer, while maintaining the\npublic\xe2\x80\x99s trust and fulfilling public policy objectives.\n\nThe Division of Contracts obligated approximately $17.2 million and $6.6 million\nduring FY 2009 and FY 2010 (as of June 25, 2010), respectively, for new contract\nawards.\n\nThe evaluation objectives are to obtain an understanding of the NRC\xe2\x80\x99s contract\naward process and perform sufficient work to report on the agency\xe2\x80\x99s (1) compli-\nance with applicable requirements (e.g., FAR and NRCAR requirements), and\n(2) identify any opportunities to improve the efficiency and effectiveness of the\ncontract award process to include timeliness and internal controls.\n\n(Addresses Management and Performance Challenge #6)\n\n\n\nAudit of NRC\xe2\x80\x99s Purchase Card Program\nOIG Strategic Goal: Corporate Management\nNRC employees use purchase cards for purchases of supplies and services that do\nnot exceed $3,000. During FY 2009, there were approximately 10,000 purchase\ncard transactions conducted by 124 NRC employees that totaled more than\n$6,000,000.\n\nNRC\xe2\x80\x99s Purchase Card Program guidance states the procedures that need to be\nfollowed for the usage of purchase cards by NRC employees and the responsibili-\nties of the staff managing the program.\n\nRecent audits conducted by other Federal agencies on their respective purchase\ncard programs have found significant internal control deficiencies that have led\nto the improper usage of Government issued purchase cards.\n\nThe audit objective is to determine whether NRC has established and implemented\nan effective system of internal control over the use of Federal purchase cards.\n\n(Addresses Management and Performance Challenge #6)\n\n\n\n                                                             October 1, 2010\xe2\x80\x93March 31, 2011   23\n\x0c                       Audit of the NRC\xe2\x80\x99s iLearn Learning Management System\n                       OIG Strategic Goal: Corporate Management\n                       iLearn is NRC\xe2\x80\x99s learning management system that was developed to serve as the\n                       central point for all training activities across the agency and to provide detailed\n                       training information for all NRC employees.\n\n                       The system was developed by a contractor under an interagency agreement with\n                       the Office of Personnel Management. Its purpose is to provide access to online\n                       courses from courseware libraries as well as custom courses developed by NRC,\n                       allow staff to register for courses and submit training requests online, complete\n                       training evaluations, and generate training reports.\n\n                       Since its April 2008 deployment, the system has experienced problems. For\n                       example, an attempt was made to move all agency online training from NRC\xe2\x80\x99s\n                       server onto iLearn. This would permit employees to launch all online training\n                       from one application and have course completion information automatically\n                       added to their learning history. However, many of the online training courses\n                       are not working correctly due to technical problems that cause them to launch\n                       incorrectly or not launch at all. Consequently, many of the online courses were\n                       removed from iLearn and placed back on the NRC server.\n\n                       The audit objective is to determine the effectiveness of the iLearn Learning\n                       Management System to meet the agency\xe2\x80\x99s current and future training needs.\n\n                       (Addresses Management and Performance Challenge #7)\n\n\n\n                       Audit of NRC\xe2\x80\x99s Shuttle Service\n                       OIG Strategic Goal: Corporate Management\n                       The ongoing expansion of the NRC headquarters White Flint Complex has required\n                       that some employees be temporarily relocated to several buildings outside of the\n                       main complex. Relocated employees are currently working from the Gateway\n                       Building in Bethesda, and the Executive Boulevard, Twinbrook, and Church\n                       Street Buildings in Rockville. NRC has implemented a shuttle service to transport\n                       employees and contractors between the White Flint Complex and the tempo-\n                       rary locations to conduct official agency business. The temporary locations were\n                       intended to be located within walking distance of public transportation.\n\n                       The agency has a 2.5-year, $2.7-million contract with Blue Ridge Limousine and\n                       Tour Service, Inc., for shuttle services. The shuttle service currently operates six\n                       buses: one bus runs round trip between the White Flint Complex and the\n\n\n\n\n24   N R C O I G S e m i a nn u a l R e p or t t o C ongr e ss\n\x0cExecutive Boulevard Building 35 times per day; two buses run round trip\nbetween the White Flint Complex and Church Street 34 times per day; one bus\nruns round trip between the White Flint Complex and Twinbrook 23 times per\nday; and two buses run between the White Flint Complex and the Gateway\nbuilding 22 times per day. There are no buses that run from one interim\nlocation to another.\n\nThe audit objective is to determine the effectiveness, efficiency, and economy of\nthe shuttle services versus public transportation.\n\n(Addresses Management and Performance Challenge #6)\n\n\n\nAudit of NRC\xe2\x80\x99s FY 2011 Financial Statements\nOIG Strategic Goal: Corporate Management\nUnder the Chief Financial Officers Act and the E-Government Management\nand Reform Act, the OIG is required to audit the financial statements of the\nNRC. The report on the audit of the agency\xe2\x80\x99s financial statements is due on\nNovember 15, 2011. In addition, OIG will issue reports on:\n\n\xe2\x80\xa2\t   Special Purpose Financial Statements.\n\n\xe2\x80\xa2\t   Implementation of the Federal Managers\xe2\x80\x99 Financial Integrity Act.\n\n\xe2\x80\xa2\t   Condensed Financial Statements.\n\nThe audit objectives are to:\n\n\xe2\x80\xa2\t   Express opinions on the agency\xe2\x80\x99s financial statements and internal controls.\n\n\xe2\x80\xa2\t   Review compliance with applicable laws and regulations.\n\n\xe2\x80\xa2\t   Review the controls in the NRC\xe2\x80\x99s computer systems that are significant to the\n     financial statements.\n\n\xe2\x80\xa2\t   Assess the agency\xe2\x80\x99s compliance with Office of Management and Budget\n     Circular A-123, Revised, Management\xe2\x80\x99s Responsibility for Internal Control.\n\n(Addresses Management and Performance Challenge #6)\n\n\n\n\n                                                              October 1, 2010\xe2\x80\x93March 31, 2011   25\n\x0c                       Audit of NRC\xe2\x80\x99s Management of Licensee Commitments\n                       OIG Strategic Goal: Safety\t\n                       Nuclear power plant and materials licensees make commitments to NRC to\n                       perform certain functions to gain NRC\xe2\x80\x99s approval on technical issues with regard\n                       to a licensing action. Commitments may or may not be legally binding require-\n                       ments, depending on how they are developed and agreed upon by NRC and\n                       the licensees. The type of commitment may dictate the enforcement options\n                       available to NRC. There are widespread opinions among agency officials as to\n                       whether commitments are enforceable, can be voluntarily withdrawn by the\n                       licensee, and are important for tracking.\n\n                       The audit objective is to determine how NRC manages licensee commitments,\n                       including tracking, auditing, trending, monitoring, and enforcing.\n\n                       (Addresses Management and Performance Challenge #3)\n\n\n\n                       Audit of NRC\xe2\x80\x99s Oversight of Master Materials Licensees\n                       OIG Strategic Goal: Safety\n                       The Office of Federal and State Materials and Environmental Management\n                       Programs has, among other activities, the responsibility to provide program\n                       oversight for the master materials license program. Master materials licenses are\n                       issued by NRC to provide designated organizations with regulatory authority for\n                       the receipt, possession, distribution, use, transportation, transfer, and disposal\n                       of radioactive material. As of August 2010, there were three master materials\n                       licensees: the Departments of Air Force, Navy, and Veterans Affairs (VA).\n\n                       The public and Government officials have recently questioned the effectiveness\n                       of NRC oversight in the aftermath of the reported misadministration of treat-\n                       ments to 97 patients at a VA hospital in Pennsylvania. Congressional and public\n                       interest remains high where nuclear materials are involved and there remains\n                       public concern with respect to the use of radioactive material at other VA\n                       hospitals and other organizations to which NRC has delegated master materials\n                       licenses.\n\n                       The audit objective is to determine the extent to which NRC is providing\n                       effective oversight of master materials licensees.\n\n                       (Addresses Management and Performance Challenge #1)\n\n\n\n\n26   N R C O I G S e m i a nn u a l R e p or t t o C ongr e ss\n\x0cAudit of NRC\xe2\x80\x99s Oversight of Independent Spent Fuel\nStorage Installations Safety\nOIG Strategic Goal: Safety\nThe need for alternative spent fuel storage began to grow in the late 1970s/\nearly 1980s as spent fuel pools at many nuclear reactors began to fill up with\nstored fuel. NRC authorizes licensees to store spent nuclear fuel at independent\nspent fuel storage installations (ISFSIs), generally consisting of casks on a concrete\npad located onsite. A site-specific ISFSI is licensed for 20 years from the date of\napproval.\n\nThus, until a high-level waste repository is made available, spent nuclear fuel at\nISFSIs across the Nation will continue to accumulate.\n\nThe audit objective is to determine if NRC has the requisite processes in place for\nreviewing ISFSIs safety.\n\n(Addresses Management and Performance Challenge #4)\n\n\n\nAudit of NRC\xe2\x80\x99s Oversight of Independent Spent Fuel\nStorage Installations Security\nOIG Strategic Goal: Security\nAn ISFSI is a storage facility for spent nuclear fuel. Under the Atomic Energy\nAct of 1954, as amended, NRC has the responsibility to establish rules, regula-\ntions, orders, and policies to ensure that source material, byproduct material,\nand special nuclear material are stored in a manner to adequately protect public\nhealth and safety, the common defense and security, and the environment.\n\nFollowing the terrorist events of September 11, 2001, NRC issued security orders\n(in October 2002) to all ISFSI licensees to ensure that a consistent overall protec-\ntive strategy was in place. On December 18, 2007, the Commission directed Office\nof Nuclear Security and Incident Response (NSIR) staff to develop risk-informed\nand performance-based regulations to enhance security requirements. The\nCommission also directed NSIR staff to undertake a rulemaking to update the\nsecurity requirements. NRC staff have received public comment on the proposed\nsecurity rules. Public stakeholders have raised concerns that the proposed rules do\nnot sufficiently emphasize anti-terrorism capabilities.\n\nThe audit objective is to determine the adequacy of NRC\xe2\x80\x99s oversight of ISFSI\nsecurity.\n\n(Addresses Management and Performance Challenge #4)\n\n\n\n\n                                                               October 1, 2010\xe2\x80\x93March 31, 2011   27\n\x0cI n v e s ti g ati o n s\n                       During this reporting period, OIG received 123 allegations, initiated 32\n                       investigations, and closed 12 cases. In addition, the OIG made 25 referrals to\n                       NRC management and six to the Department of Justice.\n\n                       I N VE ST I G AT IV E CA S E S UMMAR IE S\n                       NRC Actions Concerning Licensee Statements Regarding\n                       Adequacy of Decommissioning Trust Fund Balances\n                       OIG Strategic Goal: Corporate Management\n                       OIG conducted an investigation based on an allegation submitted by a private\n                       citizen to NRC under Title 10 Code of Federal Regulations (CFR) Section 2.206,\n                       which permits any person to file a petition requesting that the NRC Commission\n                       take enforcement-related action, i.e., to modify, suspend, or revoke a license\n                       or to take other appropriate action. The 2.206 petition must be in writing and\n                       provide the grounds for taking the proposed action.\n\n                       According to the petition filed by the private citizen, NRC knowingly allowed\n                       Entergy to lie about the amount of money in its decommissioning trust fund\n                       for three of its utilities, Vermont Yankee, River Bend, and Indian Point nuclear\n                       power plants. The citizen also alleged that he was personally lied to by NRC\n                       staff in a letter dated December 17, 2009, which stated, \xe2\x80\x9conly the decommis-\n                       sioning trust funds for Entergy\xe2\x80\x99s Vermont Yankee and River Bend nuclear power\n                       plants do not currently meet the funding levels of 10 CFR 50.75.\xe2\x80\x9d The person\n                       alleged that Indian Point Unit 2 also had a funding shortfall; thus, the letter he\n                       received was inaccurate.\n\n                       Title 10 CFR 50.75 requires a licensee to provide every 2 years a report on the\n                       state of its decommissioning trust fund. The purpose of the fund is to provide\n                       reasonable assurance that a licensee has sufficient funds to pay for the cleanup\n                       and removal of all nuclear and radiological material from the site. Regardless,\n                       of the amount of money in the fund, a licensee is considered compliant as long\n                       as the report is filed.\n\n                       OIG found no evidence to substantiate the claim that Entergy lied about the\n                       state of its decommissioning trust fund, and no evidence that NRC staff know-\n                       ingly allowed the company to lie. OIG also found that NRC\xe2\x80\x99s letter, dated\n                       December 17, 2009, accurately reflected the state of Entergy\xe2\x80\x99s decommissioning\n                       trust fund.\n\n                       (Addresses Management and Performance Challenge #7)\n\n\n\n\n28   N R C O I G S e m i a nn u a l R e p or t t o C ongr e ss\n\x0cNational Fire Protection Association Standard 805\nConcerns at Shearon Harris Nuclear Power Plant\nOIG Strategic Goal: Safety\nOIG conducted an investigation based on an allegation\nfrom several stakeholders. The stakeholders alleged\nthat in implementing a pilot program concerning a\nperformance-based regulatory standard for fire protec-\ntion in accordance with 10 CFR 50.48(c) at Shearon Harris\nnuclear power plant the NRC is directing licensees to use\nfire models that have not been validated and verified as\nrequired by National Fire Protection Association (NFPA)\nStandard 805. They further alleged that a former NRC\n                                                                        Shearon Harris Nuclear Power Plant.\nemployee was wrongfully terminated for speaking out                                  Photo Courtesy Progress Energy\nagainst the performance-based standard for fire protection.\n\n10 CFR 50.48(c) authorizes licensees to use NFPA 805 as a risk-informed, perfor-\nmance-based fire protection program as an alternative to the prescriptive\nregulatory standard known as Appendix R, referenced in 10 CFR.48(b). NFPA\nspecifies the minimum fire protection requirements during all phases of plant\noperation, including shutdown, degraded conditions, and decommissioning.\n\nOIG reviewed NUREG-1824, Verification and Validation of Selected Fire Models\nfor Nuclear Power Plant Applications, and found that, in conjunction with the\nElectric Power Research Institute, the NRC had conducted research that vali-\ndated and verified five separate fire models which licensees may use to imple-\nment NFPA 805 in nuclear power plants. Although the allegers claimed that\nNUREG-1824 states that the models had been found unacceptable for use in\nnuclear power plants, a review of Section 3.1 of NUREG-1824, revealed that all\nfive models were found acceptable for use in nuclear power plant applications.\nIn addition, licensees are not required to use these specific fire models, but may\nuse any model that has been validated and verified and appropriately applied\nwithin their limitations. OIG also found that the NRC employee was terminated\nfor reasons not related to his opinions regarding fire protection regulation.\n\n(Addresses Management and Performance Challenge #3)\n\n\n\n\n                                                             October 1, 2010\xe2\x80\x93March 31, 2011                    29\n\x0c                       Improper Billing on the Safeguards Information Local\n                       Area Network Contract And Contract Mismanagement\n                       OIG Strategic Goal: Corporate Management\n                       OIG conducted an investigation based on an allegation by an NRC subcon-\n                       tractor, Danastar Professional Services (Danastar), that (a) the NRC project\n                       manager for two of NRC\xe2\x80\x99s three Safeguards Information Local Area Network\n                       and Electronic Safe System (SLES) contracts was requesting out-of-scope records\n                       management work from one of the SLES contractors, (b) the NRC SLES project\n                       manager directed contractor staff to enter inaccurate information into SLES\n                       database fields, (c) two senior NRC managers were given SLES Smart cards\n                       without completing the required paperwork and training, and (d) the NRC SLES\n                       project manager had a personal relationship with the contractor CEO.\n\n                       The SLES provides secure wireless access to NRC\xe2\x80\x99s official recordkeeping system\n                       for safeguards information. OIG learned that the two contracts include records\n                       management work and that there is overlap between the two contracts but it is\n                       performed for different purposes in accordance with contract requirements.\n\n                       OIG did not substantiate contract mismanagement with regard to NRC\xe2\x80\x99s SLES\n                       contracts, or that the NRC SLES project manager directed that incorrect records\n                       be entered into SLES. OIG found that the two senior managers were not given\n                       a Smart card and that there was no inappropriate relationship between the\n                       NRC SLES contract project manager and the contractor CEO.\n\n                       (Addresses Management and Performance Challenge #6)\n\n\n\n\n30   N R C O I G S e m i a nn u a l R e p or t t o C ongr e ss\n\x0cPossible Compromise of Government BlackBerry Devices\nOIG Strategic Goal: Security\nOIG conducted an investigation to deter-\nmine whether two NRC BlackBerry devices\nwere compromised during an official\ntrip by two senior NRC staff members to\na foreign country. The two senior staff\nmembers reported that they left their\nBlackBerry devices unattended in their\nhotel rooms for more than 8 hours during\ntheir trip.\n\nA forensic analysis by the NRC OIG Cyber\nCrime Unit did not find any traces of\nmalicious software loaded on the BlackBerry mobile devices or any discrepan-       Photo Source: Shutterstock\n\ncies in the security settings to indicate these devices were altered in any way.\n\n(Addresses Management and Performance Challenge #5)\n\n\n\n\n                                                             October 1, 2010\xe2\x80\x93March 31, 2011              31\n\x0c                                                                 Control room at nuclear power plant.   Photo NRC\n\n\n\n\n32   N R C O I G S e m i a nn u a l R e p or t t o C ongr e ss\n\x0c      S u mma r y            of        O IG A c c o m p l i s h m e n t s\n      October 1, 2010, through March 31, 2011\n\n\n\n      INV ESTI G AT I VE STATI ST ICS\n      Source of Allegations\n                    NRC Employee                                                                  31\n\n                 NRC Management                 4\n\n        Other Government Agency                     5\n\n                    General Public                                                                            37\n\n           OIG Investigation/Audit                                11\n\n                Regulated Industry                                     14\n\n                       Anonymous                                                 20\n\n                        Contractor      1\n\n                                            Allegations resulting from Hotline calls: 50\n\n                                                                               Total 123\n\n\n\n\n      Disposition of Allegations\n\n                              Total                                               123\n\n             Closed Administratively                              51\n\n      Referred for OIG Investigation                         32\n\nReferred to NRC Management and Staff                    25\n\n             Pending Review Action          6\n\n         Correlated to Existing Case        6\n\n              Referred to OIG Audit         1\n\n                         Processing         2\n\n\n\n\n                                                                        October 1, 2010\xe2\x80\x93March 31, 2011   33\n\x0c                       Status of Investigations\n                       DOJ Acceptance .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  0\n                       DOJ Referrals .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 6\n                       DOJ Pending .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  0\n                       DOJ Declinations  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 6\n                       Sentencing .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  0\n                       NRC Administrative Actions:\n                       \t   Terminations and Resignations .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  1\n                       \t   Suspensions and Demotions  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 1\n                       \tCounseling  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 2\n                       \tRecoveries .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  0\n                       State Referrals .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  0\n                       State Accepted  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 0\n                       PFCRA Referral  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 0\n                       PFCRA Acceptance .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  0\n                       PFCRA Recovery .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  0\n\n                       Summary of Investigations\n                       Classification of \t                                            \t     Opened \t Closed \t Cases In\n                       Investigations\t                                           Carryover\t  Cases\t  Cases\t Progress\n\n                       Bribery\t                                                        0\t  0\t 0\t  0\n                       Conflict of Interest\t                                           1\t  0\t 0\t  1\n                       External Fraud\t                                                 5\t  3\t 2\t  6\n                       False Statements\t                                               2\t  0\t 0\t  2\n                       Misuse of Government Property\t                                  0\t  0\t 0\t  0\n                       Employee Misconduct \t                                          11\t 22\t 7\t 26\n                       Management Misconduct\t                                          1\t  1\t 0\t  3\n                       Mishandling of Technical Allegations\t                           0\t  0\t 0\t  0\n                       Whistleblower Reprisal\t                                         0\t  0\t 0\t  0\n                       Miscellaneous\t                                                  1\t  3\t 2\t  2\n                       Technical Allegations\t                                          1\t  1\t 1\t  1\n                       Management Implication Report\t                                  0\t  0\t 0\t  0\n                       Event Inquiries\t                                                3\t  0\t 0\t  3\n                       Theft\t                                                          0\t 1\t 0\t1\n                       \t \t Total Investigations\t                                      25\t                32\t             12\t             45\n\n                       Other\n\n                       Projects and Proactive Initiatives\t                              0\t               10\t               0\t              0\n\n\n\n\n34   N R C O I G S e m i a nn u a l R e p or t t o C ongr e ss\n\x0cAUDIT L I ST I N G S\nInternal Program Audit and Evaluation Reports\nDate         Title                                               Audit Number\n10/01/2010   Inspector General Assessment of the Most Serious     OIG-11-A-01\n             Management and Performance Challenges Facing\n             NRC\n\n10/07/2010   Audit of NRC\xe2\x80\x99s Non-Concurrence Process               OIG-11-A-02\n\n11/09/2010   Independent Evaluation of NRC\xe2\x80\x99s Implementation       OIG-11-A-03\n             of the Federal Information Security Management\n             Act for Fiscal Year 2010\n\n11/09/2010   Results of the Audit of the United States Nuclear    OIG-11-A-04\n             Regulatory Commission\xe2\x80\x99s Financial Statements for\n             Fiscal Years 2010 and 2009\n\n11/16/2010   Independent Auditor\xe2\x80\x99s Report on the U.S. Nuclear     OIG-11-A-05\n             Regulatory Commission\xe2\x80\x99s Special Purpose Financial\n             Statements as of September 30, 2010 and 2009,\n             and for Years Then Ended\n\n02/04/2011   Transmittal of the Independent Auditor\xe2\x80\x99s Report      OIG-11-A-06\n             on the Condensed Financial Statements\n\n02/14/2011   Memorandum Report: Review of NRC\xe2\x80\x99s                   OIG-11-A-07\n             Implementation of the Federal Managers\xe2\x80\x99 Financial\n             Integrity Act for Fiscal Year 2010\n\n03/23/2011   Audit of NRC\xe2\x80\x99s Implementation of 10 CFR Part 21,     OIG-11-A-08\n             Reporting of Defects and Noncompliance\n\n03/30/2011   Audit of NRC\xe2\x80\x99s Implementation of HSPD-12 Phase 2     OIG-11-A-09\n\n\n\n\n                                                           October 1, 2010\xe2\x80\x93March 31, 2011   35\n\x0c                                                                 Reactor containment area.   Photo NRC\n\n\n\n\n36   N R C O I G S e m i a nn u a l R e p or t t o C ongr e ss\n\x0cA u d it R e s o l u ti o n A c ti v iti e s\nTA BLE I\nOIG Reports Containing Questioned Costs20\n\t\t                  Questioned\t Unsupported\n\t        Number of\t    Costs\t       Costs\nReports\t  Reports\t   (Dollars)\t   (Dollars)\n\nA.\t       For which no management decision\n          had been made by the commencement\n          of the reporting period\t                                    0\t                      0\t         0\n\nB.\t       Which were issued during the\n          reporting period\t                                           0\t                      0\t         0\n\n\t         Subtotal (A + B)\t                                           0\t 0\t0\n\nC.\t       For which a management decision was\n          made during the reporting period:\n\n\t         (i) \t dollar value of disallowed costs\t                     0\t                      0\t         0\n\n\t         (ii)\t   dollar value of costs not disallowed\t               0\t                      0\t         0\n\nD.\t       For which no management decision\n          had been made by the end of the\n          reporting period\t                                           0\t                      0\t         0\n\nE.\t       For which no management decision was\n          made within 6 months of issuance\t                           0\t                      0\t         0\n\n\n\n\n20\n     \x07 uestioned costs are costs that are questioned by the OIG because of an alleged violation of a\n     Q\n     provision of a law, regulation, contract, grant, cooperative agreement, or other agreement or\n     document governing the expenditure of funds; a finding that, at the time of the audit, such costs\n     are not supported by adequate documentation; or a finding that the expenditure of funds for the\n     intended purpose is unnecessary or unreasonable.\n\n\n\n\n                                                                             October 1, 2010\xe2\x80\x93March 31, 2011   37\n\x0c                     TA B LE I I\n                     OIG Reports Issued with Recommendations\n                     That Funds Be Put to Better Use21\n                     \t                                                                     Number of\t           Dollar Value\n                     Reports\t                                                               Reports\t             of Funds\n\n                     A.\t      For which no management decision\t 0\t 0\n                              had been made by the commencement\n                              of the reporting period\t\t\t\n\n                     B.\t      Which were issued during the \t 0\t                                                        0\n                              reporting period\t\t\n\n                     C.\t      For which a management decision was\t\n                              made during the reporting period:\t\t\n\n                     \t         (i) \t dollar value of recommendations\t                           0\t                     0\n                              \t      that were agreed to by management\n\n                     \t         (ii) \t dollar value of recommendations \t                         0\t                     0\n                               \t      that were not agreed to by management\n\n                     D.\t      For which no management decision had\t                             0\t                     0\n                              been made by the end of the reporting\n                              period\n\n                     E.\t      For which no management decision was\t 0\t 0\n                              made within 6 months of issuance\t\t\t\n                              \t\n\n\n\n\n                     21\n                         \x07\x07A \xe2\x80\x9crecommendation that funds be put to better use\xe2\x80\x9d is a recommendation by the OIG that funds\n                           could be used more efficiently if NRC management took actions to implement and complete\n                           the recommendation, including: reductions in outlays; deobligation of funds from programs\n                           or operations; withdrawal of interest subsidy costs on loans or loan guarantees, insurance, or\n                           bonds; costs not incurred by implementing recommended improvements related to the operations\n                           of NRC, a contractor, or a grantee; avoidance of unnecessary expenditures noted in pre-award\n                           reviews of contract or grant agreements; or any other savings which are specifically identified.\n\n\n\n\n38   N R C O I G S e m i a nn u a l R e p or t t o C ongr e ss\n\x0cTA BLE I I I\nSignificant Recommendations Described in Previous\nSemiannual Reports on Which Corrective Action Has\nNot Been Completed\nDate\t         Report Title\t                                                    Number\n\n05/26/2003\t    Audit of NRC\xe2\x80\x99s Regulatory Oversight of Special \t                OIG-03-A-15\t\t\n\t              Nuclear Materials\n\n\t\x07Recommendation 1: Conduct periodic inspections to verify\n  that material licensees comply with material control and\n  accountability (MC&A) requirements, including, but not\n  limited to, visual inspections of licensees\xe2\x80\x99 special nuclear\n   material (SNM) inventories and validation of reported\n  information.\n\n9/26/2008\t\x07Audit of NRC\xe2\x80\x99s Enforcement Program\t                                 OIG-08-A-17\n\n\t\x07Recommendation 2: Define systematic data collection\n  requirements for non-escalated enforcement actions.\n\n               Recommendation 3: Develop and implement a quality\n               assurance process that ensures that collected enforcement\n               data is accurate and complete.\n\n\n\n\n                                                                  October 1, 2010\xe2\x80\x93March 31, 2011   39\n\x0c               TA B LE I V\n               Summary of Audit Reports Without Management Decision\n               for More Than Six Months\n               Date\t              Report Title\t                                                 Number\n               9/28/10\t           Audit of the Nuclear Regulatory Commission\xe2\x80\x99s \t                OIG-10-A-20\t\n               \t                  Vendor Inspection Program\n\n               \t                  \x07 ummary: OIG made nine recommendations to the Executive\n                                  S\n                                  Director for Operations (EDO) of which two are unresolved.\n\n               \t\x07\n                Recommendation 1: Recommended that the Executive Director\n                for Operations develop a Vendor Inspection Program planning\n                document that: (a) Articulates a clear purpose for the Vendor\n                Inspection Program and (b) Establishes metrics to evaluate the\n                success of the Vendor Inspection Program.\n\n               \t                  \x07 eason Unresolved: The NRC staff agreed with the essence of\n                                  R\n                                  Recommendation 1 and pointed to eight broad program objectives\n                                  that are mentioned in an inspection manual. However, the purpose\n                                  of an inspection manual is to guide inspections, not to set goals\n                                  and metrics for a program. OIG believes that program-level metrics\n                                  are better when co-located in a program planning document. In\n                                  this way, Vendor Inspection Program stakeholders can observe the\n                                  linkage between the program goals and objectives and the desired\n                                  outcomes as measured by program-level metrics. As a result, this\n                                  recommendation remains unresolved. OIG expects to receive an\n                                  updated response from NRC by May 27, 2011.\n\n               \t\x07\n                Recommendation 9: Recommended that the Executive Director for\n                Operations develop guidance that clarifies the requirements for\n                vendors on how to approve accredited commercial-grade calibration\n                laboratories for safety-related applications.\n\n               \t\x07\n                Reason Unresolved: NRC staff acknowledged that clear regula-\n                tory guidance is necessary, but did not take steps to issue guidance\n                clarifications. Instead, the staff plans to issue a Commission paper\n                with suggestions to clarify the applicable regulations through a\n                rulemaking; however, the process established to approve accredited\n                commercial-grade calibration laboratories is entirely created by\n                guidance documents and is an alternative to the practice outlined\n                in regulation. Starting rulemaking with a Commission paper will\n                not clarify the current guidance-based requirements for approving\n                accredited commercial-grade calibration laboratories. As a result, this\n                recommendation remains unresolved. OIG expects to receive\n                an updated response from NRC by May 27, 2011.\n\n\n\n\n40   N R C O I G S e m i a nn u a l R e p or t t o C ongr e ss\n\x0cA b b r e v iati o n s             and       Acronyms\nADAMS\t     Agencywide Documents Access and Management System\n\nADM\t       Office of Administration (NRC)\n\nCFR\t       Code of Federal Regulations\n\nFAR\t       Federal Acquisition Regulation\n\nFIPS\t      Federal Information Processing Standards\n\nFISMA\t     Federal Information Security Management Act\n\nFSME\t      Office of Federal and State Materials and Environmental Management Programs (NRC)\n\nFY\t        Fiscal Year\n\nHSPD-12\t   Homeland Security Presidential Directive 12\n\nIAM\t       Issue Area Monitor\n\nICAM\t      Identity, Credential, and Access Management\n\nIG\t        Inspector General\n\nISFSI\t     independent spent fuel storage installations\n\nLACS\t      logical access control systems\n\nLEP\t       limited English proficiency\n\nMD\t        Management Directive\n\nNFPA\t      National Fire Protection Association\n\nNRC\t       U.S. Nuclear Regulatory Commission\n\nNRCAR\t     NRC Acquisition Regulation\n\nNSIR\t      Office of Nuclear Security and Incident Response (NRC)\n\nOGC\t       Office of the General Counsel (NRC)\n\nOIG\t       Office of the Inspector General (NRC)\n\nOIS\t       Office of Information Services (NRC)\n\nOMB\t       Office of Management and Budget\n\nPACS\t      physical access control systems\n\nPII\t       personally identifiable information\n\nPIV\t       personal identity verification\n\nPOA&M\t     Plan of Action and Milestones\n\nVA\t        Department of Veterans Affairs\n\n\n\n\n                                                          October 1, 2010\xe2\x80\x93March 31, 2011   41\n\x0cR e p o r ti n g R e q u i r e m e n t s\n                       The Inspector General Act of 1978, as amended (1988), specifies reporting\n                       requirements for semiannual reports. This index cross-references those\n                       requirements to the applicable pages where they are fulfilled in this report.\n\n\n                       Citation\t              Reporting Requirements\t                              Page\n\n                       Section 4(a)(2)\t       Review of Legislation and Regulations\t                   6-9\n\n                       Section 5(a)(1) \t Significant Problems, Abuses, and Deficiencies\t    12-21, 28-31\n\n                       Section 5(a)(2) \t Recommendations for Corrective Action\t                    12-21\n\n                       Section 5(a)(3) \t Prior Significant Recommendations Not Yet Completed\t          39\n\n                       Section 5(a)(4) \t Matters Referred to Prosecutive Authorities\t                  33\n\n                       Section 5(a)(5) \t Information or Assistance Refused\t                        None\n\n                       Section 5(a)(6) \t Listing of Audit Reports\t                                     34\n\n                       Section 5(a)(7) \t Summary of Significant Reports\t                    12-21, 28-31\n\n                       Section 5(a)(8) \t Audit Reports \xe2\x80\x94 Questioned Costs\t                             35\n\n                       Section 5(a)(9) \t Audit Reports \xe2\x80\x94 Funds Put to Better Use\t                      36\n\n                       Section 5(a)(10)\t Audit Reports Issued Before Commencement of the\n                       \t                 Reporting Period for Which No Management Decision\n                       \t                 Has Been Made\t                                                40\n\n                       Section 5(a)(11) Significant Revised Management Decisions\t                  None\n\n                       Section 5(a)(12) Significant Management Decisions With Which\n                       \t                 the OIG Disagreed\t                                        None\n\n                       Public Law 111-203, the Dodd-Frank Wall Street Reform and Consumer\n                       Protection Act, requires IGs to include their peer review results as an\n                       appendix to each Semiannual Report to Congress.\n\n                       Section 989C\t          Peer Review Information\t                                 43\n\n\n\n\n42   N R C O I G S e m i a nn u a l R e p or t t o C ongr e ss\n\x0cAppendix\nPeer Review Information\n\nThe OIG Audit and Investigative programs are peer reviewed every 3 years.\n\n\n\nAudits\n\nThe NRC OIG Audit program was peer reviewed most recently by the U.S. Small\nBusiness Administration Office of Inspector General. The peer review final\nreport, dated August 24, 2009, reflected that NRC OIG received a peer review\nrating of pass. This is the highest rating possible based on the\navailable options of pass, pass with deficiencies, or fail.\n\n\n\nInvestigations\n\nThe NRC OIG Investigative program was peer reviewed most recently by\nthe U.S. Department of State Office of Inspector General. The peer review\nfinal report, dated July 6, 2010, reflected that the NRC OIG is in compliance\nwith the quality standards established by the President\xe2\x80\x99s Council on Integrity\nand Efficiency/Executive Council on Integrity and Efficiency and the Attorney\nGeneral guidelines.\n\n\n\n\n                                                             October 1, 2010\xe2\x80\x93March 31, 2011   43\n\x0c\x0cOIG VISION                                                           NRC OIG\xe2\x80\x99s STRATEGIC GOALS\n\xe2\x80\x9cWe are agents of positive change striving for continuous            1. S\n                                                                        \x07 trengthen NRC\xe2\x80\x99s efforts to protect public health and safety\nimprovement in our agency\xe2\x80\x99s management and program operations.\xe2\x80\x9d         and the environment.\n                                                                     2. E\x07 nhance NRC\xe2\x80\x99s efforts to increase security in response to an\n                                                                        evolving threat environment.\nNRC OIG MISSION\n                                                                     3. I\x07 ncrease the economy, efficiency, and effectiveness with\nNRC OIG\xe2\x80\x99s mission is to (1) independently and objectively conduct       which NRC manages and exercises stewardship over its\nand supervise audits and investigations relating to NRC\xe2\x80\x99s programs      resources.\nand operations; (2) prevent and detect fraud, waste, and abuse;\nand (3) promote economy, efficiency, and effectiveness in NRC\xe2\x80\x99s\nprograms and operations.\n\n\n\n\nTop Photo: Control Room. Photo by Louie Psihoyos\nvia Getty Images.\n\nBottom Photo: Cherenkov effect in the Reed\nResearch Reactor.\n\nCenter Photo: Pilgrim Nuclear Power Station\nPhoto courtesy of Entergy Nuclear.\n\nRight Photo: Wolf Creek Nuclear Reactor\nPhoto courtesy of Wolf Creek Nuclear Operating Corp.\n\x0c               REGU\n           EAR     LA\n         CL          T\n\n\n\n\n   NU\n\n\n\n\n                        OR\nSTATES\n\n\n\n\n                          YC\n                         OMMI S\n ED\n\n\n\n\n                         SI\n    IT\n\n\n\n\n                         O\n                    N\n         UN\n\n\n\n\nThe NRC OIG Hotline\nThe Hotline Program provides NRC employees, other Government employees, licensee/utility\nemployees, contractors and the public with a confidential means of reporting suspicious\nactivity concerning fraud, waste, abuse, and employee or management misconduct.\nMismanagement of agency programs or danger to public health and safety may also be\nreported. We do not attempt to identify persons contacting the Hotline.\n\nWhat should be reported:\n\xe2\x80\xa2 Contract and Procurement Irregularities       \xe2\x80\xa2 Abuse of Authority\n                                                                                               Semiannual Report                  to   C o n g r e ss\n\xe2\x80\xa2 Conflicts of Interest                         \xe2\x80\xa2 Misuse of Government Credit Card             October 1, 2010 \xe2\x80\x93 March 31, 2011\n\xe2\x80\xa2 Theft and Misuse of Property                  \xe2\x80\xa2 Time and Attendance Abuse\n\xe2\x80\xa2 Travel Fraud                                  \xe2\x80\xa2 Misuse of Information Technology Resources\n\xe2\x80\xa2 Misconduct                                    \xe2\x80\xa2 Program Mismanagement\n\n\nWays to Contact the OIG\n                                  Call:\n                                  OIG Hotline\n                                  1-800-233-3497\n                                  TDD: 1-800-270-2787\n                                  7:00 a.m. \xe2\x80\x93 4:00 p.m. (EST)\n                                  After hours, please leave a message\n\n\n                                  Submit:\n                                  On-Line Form\n                                  www.nrc.gov\n                                  Click on Inspector General\n                                  Click on OIG Hotline\n\n\n\n                                  Write:\n                                  U.S. Nuclear Regulatory Commission\n                                  Office of the Inspector General\n                                  Hotline Program, MS O5 E13\n                                  11555 Rockville Pike\n                                  Rockville, MD 20852-2738\n\n\nNUREG-1415, Vol. 23, No. 2\nApril 2011\n\x0c'